
Malicious VSCode extension compromised 3,800 GitHub repos
hackernews·1mo·Timofeibu
A threat actor distributed a fake VSCode extension that stole GitHub credentials from developers, leading to unauthorized access across thousands of repositories. For indie makers relying on GitHub, this is a sharp reminder to audit your extensions and use token scoping—one compromised credential can expose your entire codebase.
Original story
Read the original on hackernewsRelated stories
AI
HYVE Ether OS goes on pre-sale: a $499 sovereign AI operating system you actually ownVibe Software Solutions·1mo·Anthony S. Owens
AI
claude-handoff-revive lets you resume Claude Code sessions without re-explaining everythingHacker News Show HN·1mo·sofumel