Security News VSCode IDE forks expose users to "recommended extension" attacks BleepingComputer Daniel Bender 05 Jan 2026 Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, recommend extensions that are non-existent in the OpenVSX registry, allowing threat actors to claim the namespace and upload malicious extensions.
