Cybersecurity researchers have identified 15 malicious plugins on the JetBrains Marketplace designed to steal API keys for AI services such as DeepSeek and OpenAI. The plugins have accumulated nearly 70,000 downloads, use fake reviews, and have been active since October 2025. A separate Chrome extension campaign is also reportedly recording chatbot conversations.

AI IMPACT: Developers using AI coding assistants should be vigilant about plugin sources to prevent API key theft and protect sensitive data.
AI-generated summary · Google Gemini · from 2 sources.