The Open VSX Registry investigated a significant security breach where developer tokens were unintentionally exposed in public repositories. The investigation revealed that a limited number of tokens from Open VSX accounts were compromised. A coordinated malware campaign named ‘GlassWorm’ exploited these tokens to publish harmful extensions on the platform, leading to multiple malicious extensions being downloaded before their removal. Open VSX acted promptly to revoke compromised tokens and remove malicious extensions.
In response to the incident, Open VSX and Microsoft collaborated to enhance security by introducing new scanning protocols and tightening token validity periods to mitigate the risk of future breaches. Automated scanning was implemented at publication, aiming to detect malicious code patterns preemptively. Although the incident’s reported download figures were inflated due to bot traffic, Open VSX confirmed the situation has been contained as of October 21, 2025, with no more malicious extensions present. This incident emphasizes the importance of improving security measures within open-source extension marketplaces, showcasing how such crises can lead to stronger protections for developers.
👉 Pročitaj original: Cyber Security News
