A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs.
I remember seeing a lot about activeX controls as a kid but not understanding them much. As an adult reading this I was like “were they a way to run arbitrary code on a user’s computer?”
Yes, they were a way to run arbitrary code on a user’s computer.