Open VSX and Microsoft have taken action to address leaked access tokens in Visual Studio Code extensions, reducing the risk of malicious activity. These steps include revoking leaked tokens, introducing new security measures, and removing malicious extensions linked to the GlassWorm campaign.
Key points
- Open VSX revoked a small number of leaked tokens to prevent abuse.
- The leak resulted from developer mistakes, not infrastructure compromise.
- A new token prefix format, “ovsxp_”, has been introduced to improve detection.
- Extensions flagged by Koi Security related to the GlassWorm malware campaign have been removed.
- Security enhancements include shorter token lifetimes, easier revocation, and automated malicious code scanning.
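A fixed prefix lets a publisher check an extension directory for a committed token before packaging it. The scan below is an added example, not code from the article, Open VSX or the Eclipse Foundation. Only the `ovsxp_` prefix comes from the page; the token body pattern, the function names and the sample files are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: only the "ovsxp_" prefix comes from the article. The token body
# (16+ characters from [A-Za-z0-9_-]) is a guess made for this example.
TOKEN_RE = re.compile(r"(?<![A-Za-z0-9_])ovsxp_[A-Za-z0-9_-]{16,}")

SKIP_DIRS = {".git", "node_modules"}


def redact(token: str) -> str:
    """Keep the prefix and last 4 characters so a finding is traceable but not re-leaked."""
    return f"ovsxp_...{token[-4:]}"


def scan_tree(root):
    """Return sorted (relative_path, line_number, redacted_token) for each hit under root."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or SKIP_DIRS & set(path.relative_to(root).parts):
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue  # unreadable file: skip rather than abort the scan
        for lineno, line in enumerate(text.splitlines(), start=1):
            for match in TOKEN_RE.finditer(line):
                findings.append((path.relative_to(root).as_posix(), lineno, redact(match.group())))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample extension directory; the token value is fake."""
    root = Path(root)
    (root / "src").mkdir()
    (root / ".env").write_text("OVSX_PAT=ovsxp_EXAMPLEexample0123456789abcd\n")
    (root / "src" / "extension.js").write_text("// prefix alone: ovsxp_\nmodule.exports = {};\n")
    (root / "package.json").write_text('{"name": "sample-extension"}\n')


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, lineno, token in scan_tree(tmp):
            print(f"{rel}:{lineno}: possible Open VSX token {token}")
```

Findings are reported with the token redacted so that scan output pasted into a CI log or ticket does not become a second leak.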
Read More: https://thehackernews.com/2025/10/eclipse-foundation-revokes-leaked-open.html