A newly disclosed critical vulnerability in the Open VSX Registry, the open-source marketplace for Visual Studio Code (VS Code) extensions, has put millions of developers worldwide at risk of devastating supply chain attacks.
The flaw, discovered by cybersecurity researchers at Koi Security, could have allowed attackers to seize control of the entire extensions marketplace, enabling the silent distribution of malicious updates to developer environments across the globe.
https://gbhackers.com/open-vsx-marketplace-flaw/