GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain attacks on developers.
Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.
Tom's Hardware on MSN
Invisible malicious code attacks 151 GitHub repos and VS Code
The technique exploits Unicode Private Use Area characters, which render as zero-width whitespace in virtually every code editor and terminal.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results