VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX

Updated on January 6, 2026

Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend extensions that are non-existent in the Open VSX registry, potentially opening the door to supply chain risks when bad actors publish malicious packages under those names.
The problem, according to Koi, is that these…

Read the rest of the story at Read More

Source: The Hacker News

October 16, 2024 Uncategorized

CISA Warns of Active Exploitation in Sol...

May 5, 2025 Uncategorized

Perfection is a Myth. Leverage Isn’...

April 30, 2025 Uncategorized

VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX

Related posts

CISA Warns of Active Exploitation in Sol...

Perfection is a Myth. Leverage Isn’...

Indian Court Orders Action to Block Prot...

Leave a Comment Cancel reply

Recent News

MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors

Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized Crime

China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations

Cybersecurity Predictions 2026: The Hype We Can Ignore (And the Risks We Can’t)

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024

FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing

WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging

China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes