Dangerous and invisible worm found in Visual Studio Code extensions

A malware that steals credentials and cryptocurrencies uses Unicode for invisible code and installs a remote access trojan.
CSO Online

Malicious packages in npm evade dependency detection through invisible URL links: Report

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.
Techzine Europe

Invisible malware spreads via VS Code extensions

A new cyber threat is affecting developers worldwide who work with Visual Studio Code. Researchers at Koi Security have ...