{"id":8139,"date":"2025-11-03T10:03:35","date_gmt":"2025-11-03T10:03:35","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/11\/03\/open-vsx-rotates-tokens-used-in-supply-chain-malware-attack\/"},"modified":"2025-11-03T10:03:35","modified_gmt":"2025-11-03T10:03:35","slug":"open-vsx-rotates-tokens-used-in-supply-chain-malware-attack","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/11\/03\/open-vsx-rotates-tokens-used-in-supply-chain-malware-attack\/","title":{"rendered":"Open VSX rotates access tokens used in supply-chain malware attack"},"content":{"rendered":"<p>    Open VSX rotates access tokens used in supply-chain malware attack<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in an attempted supply-chain attack. [&#8230;]<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Bill Toulas<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/open-vsx-rotates-tokens-used-in-supply-chain-malware-attack\/\">Go to bleepingcomputer<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Open VSX rotates access tokens used in supply-chain malware attack The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in an attempted supply-chain attack. [&#8230;] Bill Toulas Go to bleepingcomputer<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[64,133],"tags":[80],"class_list":["post-8139","post","type-post","status-publish","format-standard","hentry","category-bleepingcomputer","category-security","tag-bleepingcomputer"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/8139"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=8139"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/8139\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=8139"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=8139"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=8139"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}