Topic: extension marketplace
-
Beware: VSCode Forks Risk "Recommended Extension" Attacks
A security flaw in popular AI-assisted IDEs (like Cursor and Windsurf) stems from their inherited "recommended extension" lists pointing to Microsoft's marketplace, which they cannot access, leaving unclaimed namespaces vulnerable to malicious takeover on the OpenVSX registry they use instead. Th...
Read More » -
Popular Chrome Extension Exposed for Siphoning Millions of AI Chat Histories
A popular Chrome extension, Urban VPN Proxy, secretly harvested all user prompts and AI chatbot responses from platforms like ChatGPT and Claude without clear consent, despite its "Featured" badge and millions of installations. The extension's update activated data collection by default, sending ...
Read More » -
Critical Zero-Day Threat for Cursor & Windsurf Users Exposed
A zero-day vulnerability in AI coding tools (e.g., Cursor, Windsurf) exposed developers to machine hijacking via compromised extensions, with attackers exploiting OpenVSX's automated publishing system. The flaw, dubbed VSXPloit, allowed attackers to push malicious updates silently through depende...
Read More »