Cursor and OpenVSX face extension hijacking risk
Trendyol's security team uncovered a live namespace-squatting attack abusing OpenVSX to hijack extensions in Cursor, VSCodium, Windsurf and other VS Code forks.
supply-chain-securityopenvsxcursorvscode