Learn how one overlooked flaw in OpenVSX discovered by Koi Secureity could’ve let attackers hijack millions of dev machines via an extension supply chain attack. The zero-day threat’s been patched”, but the wake-up call is clear: extensions are a new, massive supply chain risk.
First seen on bleepingcomputer.com
Jump to article: www.bleepingcomputer.com/news/security/the-zero-day-that-couldve-compromised-every-cursor-and-windsurf-user/
