VSCode IDE forks expose users to "recommended extension" attacks

Published on January 5, 2026

Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, recommend extensions that are non-existent in the OpenVSX registry, allowing threat actors to claim the namespace and upload malicious extensions. [...]

Continue reading on website
Other news

Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks

January 5, 2026
The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient."Key actors involved in the Kimwolf botnet are observed monetizing the botnet through app installs, selling residential proxy bandwidth, and selling its DDoS functionality," the company said in an analysis published last week.Kimwolf

Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government

January 5, 2026
The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver malicious ZIP archives."This organization has continued to conduct high-intensity intelligence gathering activities against Ukrainian military and government departments in 2025," the 360 Threat Intelligence Center said in