VS Code forks recommend nonexistent Open VSX extensions, enabling namespace-hijack supply-chain risk
Technical Analysis
Summary
Researchers found that Cursor, Windsurf, Google Antigravity, and Trae can recommend non-existent Open VSX extensions, creating a supply-chain risk if an attacker claims the unregistered namespace. A trusted-looking install prompt could then deliver a rogue package such as ms-ossdata.vscode-postgresql, putting credentials, secrets, and source code at risk.
Related Happenings
- Rogue Checkmarx Jenkins AST plugin release on Jenkins Marketplace
  Type: Security Tool/Service
  First: 12.05.2026 01:03 · Last: 12.05.2026 01:03 · Sources: 1
  About this happening: A **rogue 2026.5.09 release** of the **Checkmarx Jenkins AST plugin** was uploaded to **repo.jenkins-ci.org**, undermining trust in a security-scanning component used in **Jenkins...
- Cursor local SQLite secret-storage exposing credentials security flaw
  Type: Vulnerability
  First: 29.04.2026 18:00 · Last: 29.04.2026 18:00 · Sources: 1
  About this happening: A **high-severity** **Cursor** flaw lets installed extensions read secrets stored locally, exposing **API keys** and **session tokens** without user interaction. The weakness stem...
- GlassWorm v2 cloned VS Code extension loaders
  Type: Malware Activity
  First: 27.04.2026 14:23 · Last: 27.04.2026 14:23 · Sources: 1
  About this happening: The **GlassWorm v2** malware activity now uses **cloned VS Code extensions** on **Open VSX** to deliver payloads that steal credentials, deploy a **RAT**, and spread across multip...
- Open VSX pre-publish scanning fail-open now patched security flaw
  Type: Vulnerability
  First: 27.03.2026 15:57 · Last: 27.03.2026 15:57 · Sources: 1
  About this happening: A **now-patched fail-open bug** in **Open VSX's pre-publish scanning pipeline** could let **malicious VS Code extensions** bypass vetting and go live in the registry, weakening a...
- Cursor IDE MCP deeplink code execution security flaw
  Type: Vulnerability
  First: 17.03.2026 17:00 · Last: 17.03.2026 17:00 · Sources: 1
  About this happening: A **Cursor IDE** flaw in **MCP deeplinks** can let crafted installation links trigger **arbitrary commands** or install **malicious components** under some user-approval and confi...
Timeline
- 06.01.2026 13:25 (1 article)
  Koi discloses missing Open VSX extension recommendations
  Initial Disclosure: Koi disclosed that AI-powered VS Code forks including Cursor, Windsurf, Google Antigravity, and Trae can recommend extensions that do not exist in Open VSX, leaving unclaimed namespaces that a malicious publisher could register and abuse.
  Sources:
  - VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX — thehackernews.com — 06.01.2026 13:25
- 06.01.2026 13:25 (2 articles)
  Open VSX namespace-hijack path exposes rogue extension installs
  Technical Analysis Update: The recommendation mechanism in these VS Code forks inherits official extension lists from Microsoft's extension marketplace. A name that is missing from Open VSX, such as ms-ossdata.vscode-postgresql, can therefore be claimed by a third party and presented as a trusted-looking PostgreSQL recommendation, enabling rogue package installation and exposing credentials, secrets, and source code.
  Sources:
  - VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX — thehackernews.com — 06.01.2026 13:25
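The practical defender's check that follows from the analysis above is to audit every extension ID a workspace or IDE recommends against the registry the IDE actually installs from, and to flag IDs whose publisher namespace nobody has claimed, since that is the case an attacker could register. The Python below is an added example, not code from Koi, the Eclipse Foundation, or any of the IDEs named on this page. It parses a `.vscode/extensions.json` (which is JSONC: comments and trailing commas are allowed) and classifies each recommendation against a catalogue of namespaces and extensions. The catalogue here is a constructed stand-in labelled as such; a live check would replace `SAMPLE_CATALOGUE` with lookups against Open VSX (the `https://open-vsx.org/api/{namespace}/{extension}` endpoint is assumed, not taken from this page).

```python
"""Audit VS Code-style extension recommendations against a registry catalogue.

Added example, not from any product or research named on the page.
Each recommended ID is classified as one of:
  present     publisher.name exists in the registry
  ns_claimed  the namespace exists but that extension does not (a typo or a
              marketplace-only extension; the publisher could still add it)
  unclaimed   nobody owns the namespace (hijackable: highest risk)
  malformed   not a valid publisher.name identifier
"""
import json
import re
from dataclasses import dataclass

# VS Code extension identifiers are "<publisher>.<name>", both segments
# alphanumeric with hyphens. Matched case-insensitively.
EXT_ID = re.compile(r"^([a-z0-9][a-z0-9-]*)\.([a-z0-9][a-z0-9-]*)$", re.IGNORECASE)

# Constructed catalogue standing in for registry lookups: namespace -> names.
# This is NOT the live Open VSX state; a real audit would query
# https://open-vsx.org/api/{namespace}/{extension} (assumed endpoint).
SAMPLE_CATALOGUE = {
    "ms-python": {"python"},
    "redhat": {"java", "vscode-yaml"},
}

# Constructed workspace file exercising every classification outcome.
SAMPLE_EXTENSIONS_JSON = """{
  // Workspace recommendations (constructed sample)
  "recommendations": [
    "ms-python.python",
    "redhat.vscode-yaml",
    "redhat.vscode-xml",        /* namespace exists, extension missing */
    "example-vendor.db-tools",  // nobody has claimed this namespace
    "bad id",
  ],
}"""


@dataclass(frozen=True)
class Finding:
    ext_id: str
    status: str  # present | ns_claimed | unclaimed | malformed


def strip_jsonc(text: str) -> str:
    """Remove // and /* */ comments that sit outside string literals."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:  # keep escaped char verbatim
                out.append(text[i + 1])
                i += 2
                continue
            if c == '"':
                in_str = False
            i += 1
        elif c == '"':
            in_str = True
            out.append(c)
            i += 1
        elif text.startswith("//", i):
            j = text.find("\n", i)
            i = n if j == -1 else j  # newline itself is kept
        elif text.startswith("/*", i):
            j = text.find("*/", i + 2)
            i = n if j == -1 else j + 2
        else:
            out.append(c)
            i += 1
    return "".join(out)


def parse_extensions_json(text: str) -> dict:
    """Parse JSONC: strip comments, then trailing commas before ] or }."""
    cleaned = re.sub(r",\s*([}\]])", r"\1", strip_jsonc(text))
    return json.loads(cleaned)


def classify(ext_id: str, catalogue: dict) -> Finding:
    m = EXT_ID.match(ext_id)
    if not m:
        return Finding(ext_id, "malformed")
    ns, name = m.group(1).lower(), m.group(2).lower()
    names = catalogue.get(ns)
    if names is None:
        return Finding(ext_id, "unclaimed")
    return Finding(ext_id, "present" if name in names else "ns_claimed")


def audit_recommendations(text: str, catalogue: dict) -> list:
    recs = parse_extensions_json(text).get("recommendations", [])
    return [classify(r, catalogue) for r in recs]


def hijackable(findings: list) -> list:
    """IDs whose namespace is unclaimed: block these before anyone registers them."""
    return [f.ext_id for f in findings if f.status == "unclaimed"]


if __name__ == "__main__":
    results = audit_recommendations(SAMPLE_EXTENSIONS_JSON, SAMPLE_CATALOGUE)
    for f in results:
        print(f"{f.status:<10} {f.ext_id}")
    print("hijackable:", hijackable(results))
```

Running it on the constructed sample reports `example-vendor.db-tools` as the only hijackable entry; `redhat.vscode-xml` is reported separately because a claimed namespace can only be abused by whoever already controls it, which is a different (and lower) risk than an open namespace. The same classifier can be pointed at an IDE's bundled recommendation list rather than a workspace file, since the page's finding is that the bundled lists themselves contained names absent from Open VSX.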
- 06.01.2026 13:25 (1 article)
  Cursor, Google, and Open VSX add safeguards after disclosure
  Mitigation Patch Update: Cursor and Google rolled out fixes to address the issue, and the Eclipse Foundation removed non-official contributors and enforced broader registry-level safeguards for Open VSX.
  Sources:
  - VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX — thehackernews.com — 06.01.2026 13:25