GitHub Repository Breach: 3,800 Repos Accessed via VS Code Extension
GitHub confirms a security incident where a malicious VS Code extension compromised an employee account, leading to the unauthorized access of 3,800 repos.

Nx Console 18.95.0 Compromise: VS Code Extension Credential Stealer
Security researchers have identified a compromised version of the Nx Console VS Code extension (18.95.0) containing a malicious credential stealer.

GlassWorm Campaign Leverages Malicious VS Code Extensions
Runtime Rebel details the GlassWorm campaign, which infects developers via malicious Visual Studio Code extensions on Open VSX, facilitating a supply chain attack.

GlassWorm Malware: Cloned Open VSX Extensions Target Developers
Over 70 malicious Open VSX extensions cloned from popular tools deliver GlassWorm malware, highlighting risks in developer-focused supply chain attacks.

Open VSX Registry Security Bypass: Malicious VS Code Extensions Risk
A logic error in the Open VSX pre-publish scanning pipeline allowed malicious VS Code extensions to bypass security checks. Read our technical analysis.

TeamPCP Supply Chain Attacks Target Docker Hub, PyPI, and VS Code
TeamPCP expands supply chain attack tactics from GitHub Actions to Docker Hub, PyPI, and VS Code extensions, collaborating with the Lapsus$ hacking group.

Checkmarx KICS & VS Code Plugin Targeted in Supply Chain Attack
TeamPCP exploited Checkmarx KICS, VS Code plugins, and LiteLLM in a supply chain attack targeting code scanners and AI libraries, indicating expanding threats.

GlassWorm Abuses Open VSX Registry in Supply-Chain Attack
The GlassWorm campaign exploits transitive dependencies in 72 Open VSX extensions to deliver malicious loaders into developer environments.