Overview
- Wiz validated more than 550 secrets across 500-plus extensions from hundreds of publishers, spanning 67 types that include AI, cloud and database credentials.
- Over 100 extensions exposed VS Code Marketplace personal access tokens covering roughly 85,000 installs, and about 30 leaked Open VSX tokens tied to at least 100,000 installs; because a publisher token lets whoever holds it push a new version under the publisher's identity, each leak enabled attacker-controlled updates to every installed copy.
- Microsoft revoked exposed tokens and deployed secret-scanning on the VS Code Marketplace, beginning to block extensions with verified secrets on September 22 after announcing the change in August.
- Koi Security detailed a campaign by the TigerJack actor using legitimate-looking extensions that capture keystrokes, mine cryptocurrency or fetch remote code, with removals on the Marketplace but continued availability and republishing on Open VSX.
- Researchers warn that Open VSX’s use in AI-focused forks like Cursor and Windsurf broadens exposure and advise keeping an extension inventory, using centralized allowlists, limiting installs and reconsidering auto-updates.
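The inventory and allowlist advice above is easy to put into practice locally. The following added example (written for this page, not code from Wiz, Koi Security or Microsoft) parses the output of `code --list-extensions --show-versions`, compares it against a hypothetical allowlist that pins versions, and reads the real `extensions.autoUpdate` setting from a `settings.json` fragment to report whether updates would be applied silently. The extension listing, the allowlist and the settings fragment are constructed sample data.

```python
"""Audit installed VS Code extensions against an allowlist and check auto-update.

Added example. Input is text in the shape produced by
`code --list-extensions --show-versions` (one `publisher.name@version` per line)
plus a settings.json fragment. Nothing here talks to a marketplace.
"""
import json
import re
from typing import Dict, List

# Constructed sample: what `code --list-extensions --show-versions` prints.
SAMPLE_INSTALLED = """\
ms-python.python@2024.22.0
esbenp.prettier-vscode@11.0.0
someone.color-theme-plus@1.3.2
another.code-helper@0.0.9
"""

# Hypothetical allowlist format: extension id -> pinned version, or "*" for any.
SAMPLE_ALLOWLIST = {
    "ms-python.python": "2024.22.0",
    "esbenp.prettier-vscode": "*",
}

# Constructed settings.json fragment; both keys are real VS Code settings.
# Real settings.json files may contain // comments and trailing commas (JSONC),
# which json.loads rejects; strip them first if you feed a live file in.
SAMPLE_SETTINGS = """{
    "extensions.autoUpdate": true,
    "extensions.autoCheckUpdates": true
}"""

# publisher.name@version; ids are treated case-insensitively below.
LINE_RE = re.compile(r"^(?P<id>[A-Za-z0-9][\w-]*\.[\w-]+)@(?P<version>\S+)$")


def parse_installed(listing: str) -> Dict[str, str]:
    """Map extension id -> version, skipping blank or unparseable lines."""
    installed: Dict[str, str] = {}
    for raw in listing.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line) if line else None
        if m:
            installed[m.group("id").lower()] = m.group("version")
    return installed


def audit(listing: str, allowlist: Dict[str, str]) -> List[str]:
    """One finding per extension that is not allowlisted or has drifted from its pin."""
    findings: List[str] = []
    allow = {k.lower(): v for k, v in allowlist.items()}
    for ext_id, version in sorted(parse_installed(listing).items()):
        pinned = allow.get(ext_id)
        if pinned is None:
            findings.append(f"NOT_ALLOWED {ext_id}@{version}")
        elif pinned != "*" and pinned != version:
            findings.append(f"VERSION_DRIFT {ext_id}@{version} (pinned {pinned})")
    return findings


def auto_update_enabled(settings_json: str) -> bool:
    """True when VS Code would update extensions without a human choosing to.

    extensions.autoUpdate defaults to true; false or "onlySelectedExtensions"
    means the user decides, "onlyEnabledExtensions" still updates unattended.
    """
    settings = json.loads(settings_json)
    value = settings.get("extensions.autoUpdate", True)
    return value is True or value == "onlyEnabledExtensions"


if __name__ == "__main__":
    for finding in audit(SAMPLE_INSTALLED, SAMPLE_ALLOWLIST):
        print(finding)
    if auto_update_enabled(SAMPLE_SETTINGS):
        print("WARNING: extensions.autoUpdate would apply publisher pushes silently")
```

To run it against a real workstation, pipe `code --list-extensions --show-versions` into `audit` and point the settings loader at the user `settings.json`; anything reported as `NOT_ALLOWED` is an extension nobody approved, and `VERSION_DRIFT` flags a version that arrived without a review of the change.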