A recent study uncovers critical weaknesses in IDEs like Visual Studio Code, allowing malicious extensions to appear verified and execute harmful commands on developer machines. These vulnerabilities highlight the importance of trusted source verification and cautious extension management.
Key points
- Flawed extension verification checks in popular IDEs can be exploited by attackers.
- Malicious extensions can mimic verified ones, tricking developers into trusting them.
- Attackers can execute operating system commands, including opening apps like Calculator.
- Other IDEs, such as IntelliJ IDEA and Cursor, are also vulnerable to modified verification values.
- Microsoft stated that this behavior is by design, but the vulnerability remains exploitable.
Read More: https://thehackernews.com/2025/07/new-flaw-in-ides-like-visual-studio.html