VSCode IDE Forks Expose Users To ‘Recommended Extension’ Attacks
An anonymous reader shares a report: Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, recommend extensions that are non-existent in the OpenVSX registry, allowing threat actors to claim the namespace and upload malicious extensions.

These AI-assisted IDEs are forked from Microso … ⌘ Read more