New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk.
“A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension update across the entire install base,”

Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks (The Hacker News)
