Compromised developer credentials and API keys on the dark web are early indicators of impending supply chain attacks and enable proactive defense measures.
GitHub passed unscoped OAuth tokens to the VSCode browser instance, allowing attackers to access all private repositories of a developer via manipulated Jupyter Notebook extensions.