Decrypt

GitHub Confirms 3,800 Internal Repos Stolen Through Poisoned VS Code Extension

TeamPCP gained access to GitHub's private source code after an employee unknowingly installed a malicious coding tool.
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...