Post AYaZUaIF8RdRuEChAe by aev@mastodon.sdf.org
 (DIR) More posts by aev@mastodon.sdf.org
 (DIR) Post #AYaZUaIF8RdRuEChAe by aev@mastodon.sdf.org
       2023-08-10T12:57:19Z
       
       0 likes, 1 repeats
       
       Whoops: #vscode is vulnerable to malicious plug-ins stealing authentication tokens from other plug-ins and even from its integration with Github. A hijacked token allows unlimited access to sources. #cybersecurity #packagehijack #pluginhijack https://cycode.com/blog/exposing-vscode-secrets/