GLOBAL SITUATIONMONITORING
517 published briefsUTCTue, May 19 19:11:24
OpenVSX namespace hijack
Attackers can claim unowned OpenVSX namespaces referenced by AI IDE recommendations and publish malicious extensions.
1 intelligence brief← Intelligence Hub
-
VSCode fork extension attack: hijacked recommendations
AI-powered VSCode forks still recommend extensions missing in OpenVSX, letting attackers hijack namespaces and ship malware—here’s how to lock it down.