Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Open VSX introduces ovsxp_ token prefix and scanning hardening

Security Tool/Service
First reported
Last updated
Happening score
H score 10
1 unique sources, 1 articles

Summary

Hide ▲

Open VSX has introduced the ovsxp_ token prefix and broader scanning hardening, reducing the risk that leaked extension-publishing tokens remain exposed in public repositories. The update improves detection of compromised secrets and strengthens VS Code extension supply-chain protection. It also supports faster response when publishers accidentally expose credentials.

Related Happenings

TeamPCP Mini Shai-Hulud npm supply-chain campaign

Campaign
First: 12.05.2026 14:07 Last: 12.05.2026 14:07 Sources 1

About this happening: The **TeamPCP**-linked **Mini Shai-Hulud** campaign is a **malicious npm supply-chain operation** that steals developer credentials and abuses trusted publishing paths to spread t...

Open Happening

GlassWorm v2 cloned VS Code extension loaders

Malware Activity
First: 27.04.2026 14:23 Last: 27.04.2026 14:23 Sources 1

About this happening: The **GlassWorm v2** malware activity now uses **cloned VS Code extensions** on **Open VSX** to deliver payloads that steal credentials, deploy a **RAT**, and spread across multip...

Open Happening

NAKIVO Backup & Replication v11.2 general-availability release adds ransomware defense and secure email auth

Security Tool/Service
First: 18.04.2026 16:45 Last: 18.04.2026 16:45 Sources 1

About this happening: **NAKIVO Backup & Replication v11.2** is now generally available, adding **ransomware-resilience controls**, **OAuth 2.0 email authentication**, and expanded **VMware vSphere 9**...

Open Happening

GlassWorm Zig dropper infecting developer IDEs

Malware Activity
First: 10.04.2026 16:23 Last: 10.04.2026 16:23 Sources 1

About this happening: The **GlassWorm** malware set now uses a **Zig dropper** that can silently infect **all VS Code-based IDEs** on a developer's machine, widening the reach of the compromise. The pa...

Open Happening

TeamPCP supply-chain credential-exploitation campaign

Campaign
First: 31.03.2026 15:15 Last: 31.03.2026 15:15 Sources 1

About this happening: The **TeamPCP** campaign now includes a confirmed **GitHub** compromise tied to a poisoned **Nx Console VS Code extension**. GitHub said the breach of its internal repositories ca...

Latest development: 12.05.2026 01:03

TeamPCP compromised the Checkmarx Jenkins AST plugin by publishing a rogue version to repo.jenkins-ci.org on May 9, 2026, outside the official release pipeline. The malicious upload was tied to access to Checkmarx GitHub repositories and was used to deliver credential-stealing malware and malicious code to the affected organization.

Open Happening

Timeline

  1. 31.10.2025 10:02 2 articles · 6mo ago

    Open VSX revokes leaked tokens and adds ovsxp_ scanning prefix

    Mitigation Patch Update

    The Eclipse Foundation's Open VSX registry revoked a small number of leaked publishing tokens after exposed access tokens were found in VS Code extensions and public repositories. It also introduced the ovsxp_ token prefix with the Microsoft Security Response Center (MSRC) to make exposed tokens easier to detect, and is adding shorter token lifetimes, easier revocation, and automated publication-time scanning for malicious code patterns or embedded secrets.

    Show sources
    Open in new tab