The Hacker News

VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX

AI-based VS Code forks recommended unclaimed extensions, allowing malicious uploads in Open VSX and risking developer systems ...
Bleeping Computer

Malicious crypto-stealing VSCode extensions resurface on OpenVSX

A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and ...

VSCode IDE forks expose users to "recommended extension" attacks

Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, ...
Infosecurity-magazine.com

Malicious Microsoft VS Code Extensions Used in Cryptojacking Campaign

An unknown threat actor is deploying a large-scale, sophisticated cryptojacking campaign through a series of malicious extensions in Visual Studio Code, Microsoft’s lightweight source-code editor, ...
TechRadar

VSCode market struck by huge influx of malicious WhiteCobra extensions - so be warned

Researchers found 24 malicious extensions in Visual Studio Marketplace and Open VSX Registry deploying Lumma Stealer and other malware The attack targeted cryptocurrency holders and developers, with ...