With the intention of building supply chain attacks, malicious extensions could be uploaded using a new attack vector that targets the Visual Studio Code extensions marketplace. According to Ilay Goldman, a security researcher at Aqua, the method “may operate as an entrance point for an assault on multiple organizations,” in a paper released last week. […]
This article has been indexed from Information Security Buzz
Read the original article: