
Malicious VSCode extension compromised 3,800 GitHub repos
hackernews·1mo·Timofeibu
A threat actor distributed a fake VSCode extension that stole GitHub credentials from developers, leading to unauthorized access across thousands of repositories. For indie makers relying on GitHub, this is a sharp reminder to audit your extensions and use token scoping—one compromised credential can expose your entire codebase.
Original story
Read the original on hackernewsRelated stories

Devtools
Vivix lets you watch JavaScript execute step-by-step in the browserHacker News Show HN·1mo·hlude
Devtools
Capstone: Open-source disassembly framework crosses platforms and architecturesHacker News·1mo·gregsadetsky

Devtools
Open Repair Data Standard aims to unify how repair shops track fixesHacker News·1mo·cassepipe