VSCode IDE Forks Expose Users to “recommended extension” Attacks

Forks of VSCode IDEs like Cursor and Google Antigravity recommend non-existent extensions from OpenVSX, risking malware exploitation as attackers can claim unregistered namespaces. Koi Security researchers reported the flaw; Cursor fixed it, and Google removed 13 recommendations. Users should verify extensions directly on OpenVSX to ensure safety.

https://www.bleepingcomputer.com/news/security/vscode-ide-forks-expose-users-to-recommended-extension-attacks/

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top