Authentication token theft by extensions likely with Microsoft VS Code vulnerability

9 August 2023

BleepingComputer reports that malicious extensions could facilitate the theft of Windows, macOS, and Linux credential manager-stored authentication tokens using a vulnerability in the Microsoft Visual Studio Code editor and development environment. Cycode researchers have leveraged the flaw, which stems from the absence of authentication token isolation in VS Code’s “Secret Storage”

Source: SC Magazine

Date:

9 August 2023

Categorie(s):

NEWS

Tag(s):

Authentication, IT, Microsoft, News, VS Code

Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble18 November 2024
One in five DocuSign spoofs targeting businesses found to be impersonations of regulatory agencies18 November 2024
Palo Alto sounds alarm over PAN-OS zero-day attacks18 November 2024
Software Liability Comes to the EU: Navigating New Compliance Challenges18 November 2024
T-Mobile US ‘monitoring’ China’s ‘industry-wide attack’ amid fresh security breach fears18 November 2024