Product

VS Code

2 briefs RSS

Shai-Hulud Malware Used in Supply Chain Attack via Compromised npm Packages

The Shai-Hulud malware was used in a large-scale software supply-chain attack compromising hundreds of packages across open-source software ecosystems by compromising developer secrets and CI/CD pipelines.

router +11 TeamPCP supply-chain supply-chain-attack npm pypi credential-theft shai-hulud

3r 7t 3i May 12, 2026

medium advisory

Suspicious Execution from VS Code Extension

2 rules 9 TTPs

Malicious VS Code extensions can execute arbitrary commands, leading to initial access and subsequent payload deployment on Windows systems.

VS Code initial-access execution supply-chain-compromise vscode

2r 9t Jan 3, 2024