This article discusses the security risks associated with trust-based models in popular IDEs like VS Code and Cursor, highlighting vulnerabilities that can be exploited by malicious extensions. It introduces IDE-SHEPHERD, an open-source extension that monitors and blocks harmful operations in real-time, offering a more granular trust model and enhanced protections for developers.

This article discusses a security flaw in popular AI IDEs like Cursor and Windsurf, which recommended non-existent extensions from Microsoft’s marketplace. The authors proactively claimed vulnerable namespaces on OpenVSX to prevent malicious uploads, securing the environment for developers.

The Glassworm malware campaign has resurfaced with 24 new malicious packages on OpenVSX and the Microsoft Visual Studio Marketplace. This malware uses hidden code to steal developer credentials and cryptocurrency data while providing remote access to attackers. Despite prior containment efforts, it continues to evade detection and reappear on these platforms.

Two harmful extensions on the Visual Studio Code Marketplace, Bitcoin Black and Codo AI, steal sensitive information from developers' machines. They can capture screenshots, credentials, and hijack browser sessions, and were published under the name 'BigBlack.' Microsoft has since removed both extensions from the marketplace.

AI-driven IDEs like Cursor and Google Antigravity recommend extensions that may not exist in the OpenVSX registry. This gap allows malicious actors to claim unregistered namespaces and potentially distribute malware. Researchers have reported the issue and taken steps to prevent exploitation.

A set of ten malicious VSCode extensions on the Microsoft Visual Studio Code Marketplace has been found to infect users with the XMRig cryptominer for Monero. These extensions masquerade as legitimate tools and execute a PowerShell script to install the malware while also disabling critical Windows security features. Microsoft has since removed the extensions and blocked the publisher from the marketplace.

A browser hijacking campaign has infected 2.3 million users of Chrome and Edge through malicious extensions that started as legitimate tools. These extensions, which include features like color pickers and emoji keyboards, were later updated to include malware that tracks user activity and redirects browser sessions. Microsoft has removed the extensions from its store, but Google has not yet responded to the incident.

The article highlights 10 lesser-known Burp extensions that provide valuable features for security testing, despite not being among the most popular in the BApp Store. Each extension offers unique functionalities, such as session token management, SAML message manipulation, and vulnerability detection, aimed at enhancing the user's testing capabilities. Readers are encouraged to share their own favorite Burp extensions in the comments.

Mozilla has introduced a feature that allows Firefox extension developers to roll back to previously approved versions of their extensions, enabling quick fixes for critical bugs. If a developer reverts an extension, users will automatically receive the previous version within 24 hours if automatic updates are enabled. This feature is available for extensions with at least two approved versions and aims to enhance the security and reliability of add-ons in the Firefox ecosystem.

Microsoft Edge is set to implement a new security feature that will automatically detect and revoke malicious sideloaded extensions, enhancing user protection against harmful third-party extensions. The feature aims to address the risks of sideloading, which has previously led to significant user exploitation. Scheduled for release in November, this update is part of broader security improvements for Edge, including new developer account protections and performance alerts for harmful extensions.

OX Security's research reveals critical flaws in the verification processes of popular IDEs like Visual Studio Code, Visual Studio, and IntelliJ IDEA, allowing malicious extensions to appear verified. These vulnerabilities can lead to arbitrary code execution on developers' machines, underscoring the need for improved security measures in extension signing and installation practices.

A significant vulnerability was discovered in the Open VSX marketplace, which could allow attackers to gain full control over millions of developer machines by publishing malicious updates to extensions. This flaw, rooted in a CI issue, underscores the risks associated with untrusted third-party software in development environments.