GLOBAL SITUATIONMONITORING
517 published briefsUTCFri, Apr 24 13:13:00
VSCode fork extension attack
Forked VSCode IDEs recommending non-existent OpenVSX extensions create a namespace hijack supply-chain risk.
1 intelligence brief← Intelligence Hub
-
VSCode fork extension attack: hijacked recommendations
AI-powered VSCode forks still recommend extensions missing in OpenVSX, letting attackers hijack namespaces and ship malware—here’s how to lock it down.