- Several AI-powered forks of Microsoft Visual Studio Code (VS Code) recommended extensions that were not present in the Open VSX registry.
- Unclaimed namespaces allowed anyone to register those extension names and upload packages, creating a supply-chain risk.
- Attackers could publish malicious extensions that users install after seeing IDE recommendations, potentially exposing secrets and source code.
- Vendors and the Eclipse Foundation implemented fixes and registry safeguards after responsible disclosure.
On Jan. 6, 2026, security researchers reported that AI-powered forks of Microsoft Visual Studio Code (VS Code) — including Cursor, Windsurf, Google Antigravity, and Trae — offered extension recommendations that did not exist in the Open VSX registry, creating a potential supply-chain risk, according to Malware“>Koi.
These IDEs inherit recommended extension lists from Microsoft’s marketplace. Recommendations appear in two ways: file-based prompts when opening certain file types, and software-based prompts when specific programs are installed on the host system.
Researcher Oren Yomtov described the core issue: “The problem: these recommended extensions didn’t exist on Open VSX.” Because the namespaces were unclaimed, anyone could register them and upload arbitrary packages to the registry.
As an example, an attacker could publish a package named ms-ossdata.vscode-postgresql. When a developer with PostgreSQL installed opens one of the affected IDEs, they might see “Recommended: PostgreSQL extension” and install the suggested package, which could execute malicious code and expose credentials, secrets, or source code.
Koi published placeholder packages to demonstrate the risk and reported that the PostgreSQL placeholder attracted about 500 installs. Other extension names claimed by Koi as placeholders included ms-azure-devops.azure-pipelines, msazurermtools.azurerm-vscode-tools, usqlextpublisher.usql-vscode-ext, cake-build.cake-vscode, and pkosta2005.heroku-command.
Following responsible disclosure, Cursor, Windsurf, and Google released fixes. The Eclipse Foundation removed non-official contributors from the registry and enforced broader safeguards. Developers are advised to verify publisher identities before installing recommended extensions.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Morgan Stanley Moves to Issue Bitcoin and Solana ETFs Direct
- USDC Tops USDT in 2025: $75B Market on Regulatory Trust Rise
- PHALT#BLYX: Booking Phish Fakes BSoD, Installs DCRat -Hotels
- Lighter’s LIT jumps 37% amid buybacks and whale buys in DeFi
- Bitcoin Core v30 bug can erase BDB wallets; binaries pulled.
