Topic: koi security

Sort by: Relevance | Date
  • Dangerous VSCode Extensions Steal Crypto on OpenVSX
    October 21, 2025
    75%

    Dangerous VSCode Extensions Steal Crypto on OpenVSX

    Malicious extensions in the VSCode ecosystem, such as C++ Playground and HTTP Format, have been downloaded thousands of times and are designed to steal cryptocurrency or create backdoors, with the threat actor TigerJack repeatedly uploading them under new names to evade detection. These extension...

    Read More »
  • Critical Zero-Day Threat for Cursor & Windsurf Users Exposed
    July 13, 2025
    50%

    Critical Zero-Day Threat for Cursor & Windsurf Users Exposed

    A zero-day vulnerability in AI coding tools (e.g., Cursor, Windsurf) exposed developers to machine hijacking via compromised extensions, with attackers exploiting OpenVSX's automated publishing system. The flaw, dubbed VSXPloit, allowed attackers to push malicious updates silently through depende...

    Read More »

Related Topics

malicious extensions (1) arbitrary code execution (1) ai coding tools (1) backdoor installation (1) supply chain attack (1) source code theft (1) zero-day vulnerability (1) tigerjack campaign (1)