New research has uncovered that publishers of over 100 Visual
Studio Code (VS Code) extensions leaked access tokens that could be
exploited by bad actors to update the extensions, posing a critical
software supply chain risk. "A leaked VSCode Marketplace or Open
VSX PAT [personal access token] allows an attacker to directly
distribute a malicious extension update across the entire install
base,"
Read more https://thehackernews.com/2025/10/over-100-vs-code-extensions-exposed.html
