VSCode Forks Vulnerable to Extension-Based Attacks
Originally Published 7 days ago — by BleepingComputer
Forked AI-powered IDEs based on VSCode recommend extensions that are not in the official OpenVSX registry, creating a security vulnerability where threat actors can claim unregistered namespaces to upload malicious extensions. Researchers identified this issue, coordinated with affected parties, and took measures to block malicious namespace claims, advising users to verify extension sources manually.