Threat actors have made over 81 million login attempts in a massive password spray campaign targeting Azure CLI.
The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
The July 8, 2026, Visual Studio Code update expands agent workflows, chat attachments, browser-tab controls, OS-level shortcuts and enterprise telemetry management.
North Korean threat actors are escalating the PolinRider supply chain attack across Go, Packagist, and npm package ...