Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks

Over 100 Visual Studio Code (VS Code) extensions leaked access tokens, exposing developers to supply chain risks. Wiz security researchers found over 550 validated secrets in more than 500 extensions, including AI provider secrets, cloud service provider secrets, and database secrets. Microsoft has revoked the leaked tokens and is adding secret scanning capabilities to block extensions with verified secrets.