SECURITY: Malicious VS Code Extensions Expose Developer and AI Tool Supply Chains

Software supply chain security risks increased after CERT-EU highlighted a campaign involving malicious Visual Studio Code extensions and trojanized dependencies distributed through trusted developer ecosystems.

For Supply Chain teams building scripts, analytics tools and Decision Apps, marketplace extensions and packages should be treated as third-party suppliers. Leaders should monitor approved repositories, dependency provenance, credential exposure and extension permissions.

More details are available in the CERT-EU bulletin.