New research has found that the publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens. Attackers can exploit these leaked tokens to push malicious updates to the affected extensions. This poses a critical risk to the software supply chain, because a compromised extension can significantly affect its entire user base: attackers could distribute harmful updates that unsuspecting users download and execute, leading to security breaches and data loss. Given the widespread use of VS Code extensions in various development environments, the issue needs immediate attention to mitigate potential risks. Developers and users are urged to review their installed extensions and to monitor for unusual activity or updates to ensure their environments remain secure.
👉 Read the original: The Hacker News