developer security

2 posts

GitHub-distributed VSCode extension executed unsanctioned code

A board-level brief on the compromised VSCode extension distributed through GitHub: what it exposed, what control did not function, and what must be true.

May 27, 2026

Article

The extension on your dock just shipped malware

A compromised VSCode extension reached GitHub. Breakdown of the trust boundary that failed and what developer endpoints actually expose.

May 20, 2026