VSCode Marketplace can be abused to host malicious extensions
Threat analysts at AquaSec have experimented with the security of VSCode Marketplace and found that it's surprisingly easy to upload malicious extensions from accounts that appear verified on the platform. [...]