We have been witnessing an ever-growing amount of supply chain security incidents in the wild. And now, those incidents are starting to extend to the place where developers spend most of their time: their integrated development environment, and specifically the Visual Studio Code IDE.

Recently, Snyk has discovered and disclosed vulnerabilities that pose a real and imminent threat to developers who use these extensions. The potential compromise is so significantly severe that a remote code execution on a developer’s machine is possible by simply tricking the developer to click a link.

This new VS Code extensions supply chain security threat has the potential to become a new attack playground, potentially impacting over 2,000,000 developers. Join Liran Tal, and Kirill Efimov in this live hacking session where we talk about supply chain security and demonstrate the different attacks on unsuspecting developers.