Hijacked npm and Go Packages Deploy Python Infostealer via VS Code Tasks29. June 2026CybersecurityHijackers use VS Code Tasks instead of npm lifecycle scripts to deploy a Python infostealer and bypass npm v12 security hardening. Share on: