VSCode fork extension attack

Forked VSCode IDEs recommending non-existent OpenVSX extensions create a namespace hijack supply-chain risk.

Cyber News & Updates

VSCode fork extension attack: hijacked recommendations

AI-powered VSCode forks still recommend extensions missing in OpenVSX, letting attackers hijack namespaces and ship malware—here’s how to lock it down.
Read more →

Peter Chofield

·

Jan 6, 2026

·

3–5 minutes