1
A hacker group is poisoning open source code at an unprecedented scale
黑客通过VSCode扩展投毒开源代码,GitHub遭供应链攻击,规模史无前例。
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks.
2
GitHub confirms breach of 3,800 repos via malicious VSCode extension
恶意VSCode扩展致GitHub 3800个仓库被入侵,供应链安全警钟再响
Previous thread in sequence: GitHub is investigating unauthorized access to their internal repositories - https://news.ycombinator.com/item?id=4820131…