GitHub developers targeted by fake VS Code alerts spreading malware

The 'Discussions' section is being manipulated into delivering malware to software devs.
TechCrunch

Socket lands $20M investment to help companies secure open source software

Socket, a startup that provides a scanning tool to detect security vulnerabilities in open source code, today announced that it raised $20 million in a Series A round led by Andreessen Horowitz (a16z) ...
TechCrunch

Socket lands $4.6M to audit and catch malicious open source code

Securing the software supply chain is admittedly somewhat of a dry topic, but knowing which components and code go into your everyday devices and appliances is a critical part of the software ...

Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...