GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.