GLOBAL SITUATIONMONITORING

517 published briefsUTCFri, Apr 24 13:13:25

Intelligence Tag

OpenVSX namespace hijack

Attackers can claim unowned OpenVSX namespaces referenced by AI IDE recommendations and publish malicious extensions.

1 intelligence brief← Intelligence Hub

VSCode fork extension attack: hijacked recommendations

AI-powered VSCode forks still recommend extensions missing in OpenVSX, letting attackers hijack namespaces and ship malware—here’s how to lock it down.

Peter Chofield

Jan 6, 2026

3–5 minutes