The Hacker News
Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS Code) extensions published in the marketplace.
The action comes following a report from cloud security company Wiz earlier this month, which found several extensions from both Microsoft's VS Code Marketplace and Open VSX to have inadvertently exposed their access tokens within public repositories, potentially allowing bad actors to seize control and distribute malware, effectively poisoning the extension supply chain.
"Upon investigation, we confirmed that a small number of tokens had been leaked and could potentially be abused to publish or modify extensions," Mikaël Barbero, head of security at the Eclipse Foun
FOX 13 Tampa Bay Crime
PC World Business
Fast Company Lifestyle
America News
The Columbian Politics
NFL Jacksonville Jaguars
ABC6 Rhode Island
The Monroe News
Raw Story
The List