
Malicious VSCode extension compromised 3,800 GitHub repos
hackernews·4d·Timofeibu
A threat actor distributed a fake VSCode extension that stole GitHub credentials from developers, leading to unauthorized access across thousands of repositories. For indie makers relying on GitHub, this is a sharp reminder to audit your extensions and use token scoping—one compromised credential can expose your entire codebase.