Find notable cyber news and cases, enriched with sources, timelines, and signals.

Open VSX introduces ovsxp_ token prefix and scanning hardening

Security Tool/Service
First reported
Last updated
Happening score
H score 24
1 unique sources, 1 articles

Summary

Hide ▲

Open VSX has introduced the ovsxp_ token prefix and broader scanning hardening, reducing the risk that leaked extension-publishing tokens remain exposed in public repositories. The update improves detection of compromised secrets and strengthens VS Code extension supply-chain protection. It also supports faster response when publishers accidentally expose credentials.

Related Happenings

Visual Studio Code adds two-hour delay for automatic extension updates

Security Tool/Service
H score10 First: 08.06.2026 09:08 Last: 08.06.2026 09:08 Sources 1

About this happening: **Visual Studio Code (VS Code)** will delay automatic extension updates by **two hours** starting in **VS Code 1.123**, reducing exposure to **problematic or potentially compromis...

Visual Studio Code VS Code token-theft zero-day security flaw

Vulnerability
H score44 First: 03.06.2026 09:50 Last: 03.06.2026 09:50 Sources 1

About this happening: A **Visual Studio Code (VS Code) zero-day** lets attackers steal **GitHub OAuth tokens** by abusing the editor's **sandboxed webview message-passing system**. The flaw is especial...

Latest development: 03.06.2026 15:58

Microsoft has acknowledged a Visual Studio Code vulnerability that can let an attacker use a crafted link and malicious webview message-passing to steal a victim's GitHub OAuth token via GitHub.dev, and said it is working on a fix; Microsoft also said the issue does not affect VS Code Desktop.

TeamPCP Mini Shai-Hulud npm supply-chain campaign

Campaign
H score75 First: 12.05.2026 14:07 Last: 12.05.2026 14:07 Sources 1

About this happening: The **TeamPCP**-linked **Mini Shai-Hulud** campaign is an active **npm supply-chain operation** that steals developer credentials and abuses trusted publishing paths to spread tro...

GlassWorm v2 cloned VS Code extension loaders

Malware Activity
H score30 First: 27.04.2026 14:23 Last: 27.04.2026 14:23 Sources 1

About this happening: The **GlassWorm v2** malware activity now uses **cloned VS Code extensions** on **Open VSX** to deliver payloads that steal credentials, deploy a **RAT**, and spread across multip...

NAKIVO Backup & Replication v11.2 general-availability release adds ransomware defense and secure email auth

Security Tool/Service
H score48 First: 18.04.2026 16:45 Last: 18.04.2026 16:45 Sources 1

About this happening: **NAKIVO Backup & Replication v11.2** is now generally available, adding **ransomware-resilience controls**, **OAuth 2.0 email authentication**, and expanded **VMware vSphere 9**...

Timeline

  1. 31.10.2025 10:02 2 articles · 8mo ago

    Open VSX revokes leaked tokens and adds ovsxp_ scanning prefix

    Mitigation Patch Update

    The Eclipse Foundation's Open VSX registry revoked a small number of leaked publishing tokens after exposed access tokens were found in VS Code extensions and public repositories. It also introduced the ovsxp_ token prefix with the Microsoft Security Response Center (MSRC) to make exposed tokens easier to detect, and is adding shorter token lifetimes, easier revocation, and automated publication-time scanning for malicious code patterns or embedded secrets.

    Show sources