Security researchers are warning about a bug in Microsoft Visual Studio installer that gives cyberattackers a way to create and distribute malicious extensions to application developers, under the guise of being a legitimate software publisher. From there, they could infiltrate development environments, taking control, poisoning code, stealing high-value intellectual property, and more.
Source: Dark Reading: Cloud