The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in an attempted ...
Arabian Post on MSN
Registry Token Leak Exposes Open VSX Supply-Chain Weakness
A significant security breach involving the open-source extension registry Open VSX Registry and maintained by Eclipse Foundation has exposed a vulnerability in the software-supply-chain ecosystem.
Open VSX fully contained the GlassWorm attacks and says it was not a self-replicating worm in the traditional sense. The GlassWorm campaign that infected VS Code extensions in the Open VSX marketplace ...
A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source ...
Results that may be inaccessible to you are currently showing.
Hide inaccessible results
Feedback