The cost of trusting the extension ecosystem.

**Executive Summary:** The CyberWire Daily roundup summarizes multiple active and high-impact cybersecurity stories: GitHub confirmed a breach affecting ~3,800 repositories via a malicious VS Code extension; Drupal released an urgent patch for a critical core vulnerability; Cisco Talos tracks an evolving BadIIS malware-for-hire ecosystem; and other items cover anti-phishing measures, abuse of malware-signing services tied to ransomware pathways, and reports of domestic routers hijacked for phishing — indicating a mix of supply-chain, vulnerability, and organized malware threats.