Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks The Hacker Newsinfo@thehackernews.com (The Hacker News)

New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk.
“A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension update across the entire install base,” New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk.
“A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension update across the entire install base,”

In The News

Tech Jacks
Derrick Jackson is a IT Security Professional with over 10 years of experience in Cybersecurity, Risk, & Compliance and over 15 Years of Experience in Enterprise Information Technology

Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks The Hacker [email protected] (The Hacker News)

Like this:

Leave A Reply

Leave a Reply Cancel reply

Blog

Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks The Hacker [email protected] (The Hacker News)

Share this:

Like this:

Leave A Reply

Leave a Reply Cancel reply

Blog