Snyk uncovers supply chain security vulnerabilities in Visual Studio Code extensions
5y agoen
Source
This new VS Code extensions supply chain security threat has the potential to become a new attack playground, potentially impacting over 2,000,000 developers. Let’s take a deeper look.
You might also wanna read
Config File Auto-Execution Creates Supply Chain Security Blindspot Across IDEs and Package Managers
This article exposes a critical supply chain security blindspot where ordinary-looking configuration files in code repositories can automati
Security Researcher Discovers Vulnerabilities in VSCode Extensions and Core Software
A security researcher details their discovery and disclosure of three vulnerabilities in VSCode extensions and one in VSCode itself (CVE-202
VS Code Remote-SSH Vulnerability Enables Lateral Movement from Developer Machines to Cloud Servers
A critical vulnerability in Visual Studio Code's Remote-SSH extension creates a post-compromise attack path enabling threat actors to pivot
cybersecuritynews.com·1mo agoMalicious VS Code AI Extensions with 1.5M Installs Secretly Harvest Developer Codebases
Two popular VS Code AI coding extensions with 1.5 million installs have been identified as malicious, secretly harvesting developers' entire
VS Code tasks.json abuse enables multi-stage infostealer deployment
ThreatLocker·12d ago
Supply Chain Attacks on Open-Source Software: Case Study of Malicious Pull Request Attempts
The article discusses recent supply chain attacks on open-source software projects like LiteLLM and axios, with a specific case study of att

Comments
Sign in to join the conversation.
No comments yet. Be the first.