Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks

Updated on October 15, 2025

New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk.
“A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension update across the entire install base,”…

Read the rest of the story at Read More

Source: The Hacker News

December 17, 2024 Uncategorized

Even Great Companies Get Breached — Fi...

January 8, 2024 Uncategorized

Webinar – Leverage Zero Trust Security...

May 5, 2025 Uncategorized

Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks

Related posts

Even Great Companies Get Breached — Fi...

Webinar – Leverage Zero Trust Security...

Wormable AirPlay Flaws Enable Zero-Click...

Leave a Comment Cancel reply

Recent News

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet

Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows

ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves

CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices

Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt

TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices

WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide