Open VSX introduces ovsxp_ token prefix and scanning hardening
Security Tool/Service
Summary
Hide ▲
Show ▼
Open VSX has introduced the ovsxp_ token prefix and broader scanning hardening, reducing the risk that leaked extension-publishing tokens remain exposed in public repositories. The update improves detection of compromised secrets and strengthens VS Code extension supply-chain protection. It also supports faster response when publishers accidentally expose credentials.
Related Happenings
Visual Studio Code adds two-hour delay for automatic extension updates
Security Tool/Service
H score10
First: 08.06.2026 09:08
Last: 08.06.2026 09:08
Sources 1
About this happening:
**Visual Studio Code (VS Code)** will delay automatic extension updates by **two hours** starting in **VS Code 1.123**, reducing exposure to **problematic or potentially compromis...
Visual Studio Code adds two-hour delay for automatic extension updates
Security Tool/ServiceAbout this happening: **Visual Studio Code (VS Code)** will delay automatic extension updates by **two hours** starting in **VS Code 1.123**, reducing exposure to **problematic or potentially compromis...
Visual Studio Code VS Code token-theft zero-day security flaw
Vulnerability
H score44
First: 03.06.2026 09:50
Last: 03.06.2026 09:50
Sources 1
About this happening:
A **Visual Studio Code (VS Code) zero-day** lets attackers steal **GitHub OAuth tokens** by abusing the editor's **sandboxed webview message-passing system**. The flaw is especial...
Visual Studio Code VS Code token-theft zero-day security flaw
VulnerabilityAbout this happening: A **Visual Studio Code (VS Code) zero-day** lets attackers steal **GitHub OAuth tokens** by abusing the editor's **sandboxed webview message-passing system**. The flaw is especial...
Latest development: 03.06.2026 15:58
Microsoft has acknowledged a Visual Studio Code vulnerability that can let an attacker use a crafted link and malicious webview message-passing to steal a victim's GitHub OAuth token via GitHub.dev, and said it is working on a fix; Microsoft also said the issue does not affect VS Code Desktop.
TeamPCP Mini Shai-Hulud npm supply-chain campaign
Campaign
H score75
First: 12.05.2026 14:07
Last: 12.05.2026 14:07
Sources 1
About this happening:
The **TeamPCP**-linked **Mini Shai-Hulud** campaign is an active **npm supply-chain operation** that steals developer credentials and abuses trusted publishing paths to spread tro...
TeamPCP Mini Shai-Hulud npm supply-chain campaign
CampaignAbout this happening: The **TeamPCP**-linked **Mini Shai-Hulud** campaign is an active **npm supply-chain operation** that steals developer credentials and abuses trusted publishing paths to spread tro...
GlassWorm v2 cloned VS Code extension loaders
Malware Activity
H score30
First: 27.04.2026 14:23
Last: 27.04.2026 14:23
Sources 1
About this happening:
The **GlassWorm v2** malware activity now uses **cloned VS Code extensions** on **Open VSX** to deliver payloads that steal credentials, deploy a **RAT**, and spread across multip...
GlassWorm v2 cloned VS Code extension loaders
Malware ActivityAbout this happening: The **GlassWorm v2** malware activity now uses **cloned VS Code extensions** on **Open VSX** to deliver payloads that steal credentials, deploy a **RAT**, and spread across multip...
NAKIVO Backup & Replication v11.2 general-availability release adds ransomware defense and secure email auth
Security Tool/Service
H score48
First: 18.04.2026 16:45
Last: 18.04.2026 16:45
Sources 1
About this happening:
**NAKIVO Backup & Replication v11.2** is now generally available, adding **ransomware-resilience controls**, **OAuth 2.0 email authentication**, and expanded **VMware vSphere 9**...
NAKIVO Backup & Replication v11.2 general-availability release adds ransomware defense and secure email auth
Security Tool/ServiceAbout this happening: **NAKIVO Backup & Replication v11.2** is now generally available, adding **ransomware-resilience controls**, **OAuth 2.0 email authentication**, and expanded **VMware vSphere 9**...
Timeline
-
31.10.2025 10:02 2 articles · 8mo ago
Open VSX revokes leaked tokens and adds ovsxp_ scanning prefix
Mitigation Patch UpdateThe Eclipse Foundation's Open VSX registry revoked a small number of leaked publishing tokens after exposed access tokens were found in VS Code extensions and public repositories. It also introduced the ovsxp_ token prefix with the Microsoft Security Response Center (MSRC) to make exposed tokens easier to detect, and is adding shorter token lifetimes, easier revocation, and automated publication-time scanning for malicious code patterns or embedded secrets.
Show sources
- Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery — thehackernews.com — 31.10.2025 10:02
- Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery — thehackernews.com — 31.10.2025 10:02