Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks

Posted on October 15, 2025 • 1 min read • 65 words

Share via

Link copied to clipboard

New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk. A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to

Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks

Read on Hackernews

New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk. “A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension update across the entire install base,”

F5 Breach Exposes BIG-IP Source Code Nation-State Hackers Behind Massive Intrusion

Google will let friends help you recover an account

Everything coding, technology, and digital Life