VSCode Marketplace, a repository for Visual Studio Code (VSC) externsions, has poor security defenses, allowing threat actors to abuse it and distribute malicious code among the millions of its users, experts have warned. A report from AquaSec tested the platform and concluded that abusing it to distribute malware (opens in new tab) was ridiculously easy.  Furthermore, the researchers claim they weren’t the first to spot the flaws – some threat actors were already active.
…
Read more