Latest Typosquatting Attack Targeting VS Code Tools Hits Windsurf IDE

Published: 1 month ago (April 3, 2026 at 08:27 AM EDT)

1 min read

Source: DevOps.com

Summary

Cybersecurity researchers from Bitdefender, a provider of an endpoint detection and response (EDR) platform, have discovered a malicious extension for the Windsurf integrated development environment (IDE). The extension steals credentials and data after code is downloaded from the Solana blockchain platform. According to Silviu Stahie, a security analyst at Bitdefender, the extension employs typosquatting tactics to lure developers into installing it.

Back to Blog

Bad Actor Drops 36 Malicious Packages in npm, Targets Guardarian Users

The npm code repository is again being used by a bad actor to launch a supply chain attack that includes three dozen malicious packages that appear as Strapi CM...

Is Your AI Agent Secure? The DevOps Case for Adversarial QA Testing

Adversarial QA testing helps validate AI agents under real-world conditions, exposing risks like prompt injection and logic failures....

Microsoft Field Engineers Built a Six-Agent Research Pipeline in VS Code That Fact-Checks Its Own Output

Azure Global Black Belts Diego Casati and Ray Kao developed Project Nighthawk, a multi‑agent system that automates deep technical research for AKS and ARO with...

Giving AI Agents the Keys to Real Infrastructure

AI coding assistants can generate pull requests faster than most teams can review them, and that mismatch is creating a new kind of bottleneck across engineerin...

Summary

Related posts

Bad Actor Drops 36 Malicious Packages in npm, Targets Guardarian Users

Is Your AI Agent Secure? The DevOps Case for Adversarial QA Testing

Microsoft Field Engineers Built a Six-Agent Research Pipeline in VS Code That Fact-Checks Its Own Output

Giving AI Agents the Keys to Real Infrastructure