Tag
marketplace-security
Safeguard articles tagged "marketplace-security" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Supply Chain Security
IDE extension marketplace trust and verification
Wiz Research found 550+ leaked secrets across 500+ VS Code extensions, including publisher tokens that let attackers push malicious updates to entire install bases.
Jul 10, 20266 min read
Incident Postmortem
GitHub VS Code Extension Breach (20 May 2026): What Happened, How It Worked, and What to Do Monday Morning
GitHub disclosed on 20 May 2026 that a poisoned VS Code Marketplace extension was used to exfiltrate roughly 3,800 private repositories from enterprise engineering orgs, landing in the middle of a broader May 2026 wave of developer-surface supply chain attacks.
May 20, 202616 min read