Learn how one overlooked flaw in OpenVSX discovered by Koi Secureity could’ve let attackers hijack millions of dev machines via an extension supply chain attack. The zero-day threat’s been patched—but the wake-up call is clear: extensions are a new, massive supply chain risk. […]
from https://www.bleepingcomputer.com/news/security/the-zero-day-that-couldve-compromised-every-cursor-and-windsurf-user/