Open VSX rotates access tokens used in supply-chain malware attack
The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in a supply chain attack. Wiz researchers discovered two weeks ago, when they reported an exposure of over 550 secrets across Microsoft VSCode and Open VSX marketplaces. Some of those…