Week in review: GitHub breached via poisoned VS Code extension, critical NGINX flaw exploited

This weekly roundup highlights numerous active cybersecurity issues: a supply-chain compromise via a malicious VS Code extension linked to TeamPCP affecting popular developer tooling, multiple critical CVEs being actively exploited (including NGINX and Microsoft Defender/BitLocker flaws), ongoing infostealer and malware campaigns, and broader trends such as shrinking vulnerability-to-exploit timelines and AI-related attack surface changes.