Tag
open-vsx
Safeguard articles tagged "open-vsx" — guides, analysis, and best practices for software supply chain and application security.
3 articles
AI Security
The Cursor extension that cost a developer $500,000
A fake Solidity extension on Open VSX was downloaded 50,000+ times, dropped an infostealer, and drained $500K in crypto — how the marketplace trust model failed.
Jul 16, 20266 min read
Supply Chain Attacks
The Cursor IDE extension that stole $500K: a supply chain post-mortem
A fake 'Solidity Language' extension hit 50,000+ downloads on Open VSX before stealing $500K in crypto. Here's how IDE marketplaces became a trust gap.
Jul 9, 20265 min read
Threat Intelligence
Malicious browser and IDE extensions (Chrome, Firefox, VS...
How the Cyberhaven Chrome extension breach and the GlassWorm Open VSX worm exposed a supply chain blind spot that dependency scanners like Socket.dev don't cover.
May 9, 20266 min read