VS Code supply chain attack hits GitHub, OpenAI, and Mistral AI
… The common factor among all victims is developer tooling. The attack never needed to breach a perimeter. It entered through packages and extensions that developers routinely install, then harvested the credentials those developers use to access everything else. …