Visual Studio Code Marketplace deleted extension name reuse loophole
Security Tool/Service
Summary
Visual Studio Code Marketplace now allows deleted extension names to be reused, opening a supply-chain abuse path for republishing malicious add-ons under previously used names. The flaw can help attackers make harmful extensions look familiar and bypass user suspicion. A malicious extension, ahbanC.shiba, was linked to earlier removed extensions with nearly the same name.
Related Happenings
Legitimate-looking Chrome extension prompt-poaching campaign
Campaign
First: 25.03.2026 13:00
Last: 25.03.2026 13:00
Sources 1
About this happening:
A recurring **Chrome extension** campaign is stealing **AI conversations** from users, exposing prompts, answers, and other sensitive content to attacker-controlled servers. The a...
AiFrame malicious Chrome extension spraying operation
Malware Activity
First: 13.02.2026 13:25
Last: 13.02.2026 13:25
Sources 1
About this happening:
The **AiFrame** operation spread fake **Chrome** AI assistants that delivered malicious extensions, putting **over 260,000 Google Chrome users** at risk of **credential theft**, e...
ChatGPT Mods token-stealing browser-extension campaign
Campaign
First: 30.01.2026 15:42
Last: 30.01.2026 15:42
Sources 1
About this happening:
The **ChatGPT Mods** campaign used **16 browser extensions** to inject a **content script** into **chatgpt[.]com**, stealing authentication tokens that could let operators imperso...
Developers' source code exposed through malicious VS Code extensions
Data Leak
First: 26.01.2026 17:43
Last: 26.01.2026 17:43
Sources 1
About this happening:
**Malicious VS Code extensions** have been found **exfiltrating developers' source code** and workspace changes to **China-based servers**, exposing sensitive code across **1.5 mi...
Malicious Chrome extensions hijack Workday, NetSuite, and SuccessFactors sessions
Malware Activity
First: 16.01.2026 16:09
Last: 16.01.2026 16:09
Sources 1
About this happening:
**Five malicious Google Chrome extensions** are impersonating **Workday, NetSuite, and SuccessFactors** to steal credentials and hijack victim sessions, creating immediate **accou...
Timeline
28.08.2025 20:10 2 articles · 9mo ago
Visual Studio Code Marketplace allows reuse of deleted extension names
Initial Disclosure
Researchers identified a Visual Studio Code Marketplace loophole that lets threat actors reuse names of previously removed extensions, creating a supply-chain abuse path for republishing malicious add-ons under familiar names. ReversingLabs linked the behavior to ahbanC.shiba, which functioned similarly to earlier removed extensions ahban.shiba and ahban.cychelloworld, and said the name could be reused once an extension is removed from the repository.
- Researchers Find VS Code Flaw Allowing Attackers to Republish Deleted Extensions Under Same Names — thehackernews.com — 28.08.2025 20:10