SlowMist CISO: Alert on Suspicious VSCode Plugins amid Proliferation of Supply Chain Attacks Targeting Developers

Blockbeats

Yesterday

BlockBeats News, April 21st. SlowMist Chief Security Officer 23pds issued a warning to developers through a retweet of X platform user @mrdotparasyte's post, emphasizing the need for increased vigilance when installing third-party plugins or packages.

Currently, there is a suspicious VSCode plugin named JuanFranBlanco.solidit-vscode, with the term "solidit" in the plugin's Identifier being an obvious spelling mistake. This plugin has been in existence for two to three days, and it is currently unclear how many developers may have inadvertently fallen victim. Supply chain attacks targeting developers are becoming increasingly common, especially in the case of unofficially reviewed VSCode plugins, npm packages, etc., making them prime targets for such attacks.

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

1
2
3
4
5
6
7
8
9
10

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www-web.itiger.com/news/2529808880"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2529808880\",edition:\"fundamental\",,,undefined,":{"share":"https://ttm.financial/m/news/2529808880?lang=en_US&edition=fundamental","thumbnail":"","is_english":true,"pubTime":"2025-04-21 19:57","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2529808880","market":"other","top_or_hot":-1,"title":"SlowMist CISO: Alert on Suspicious VSCode Plugins amid Proliferation of Supply Chain Attacks Targeting Developers","media":"Blockbeats","content":"<html><body><div><p>BlockBeats News, April 21st. SlowMist Chief Security Officer 23pds issued a warning to developers through a retweet of X platform user @mrdotparasyte's post, emphasizing the need for increased vigilance when installing third-party plugins or packages.</p><p>Currently, there is a suspicious VSCode plugin named JuanFranBlanco.solidit-vscode, with the term \"solidit\" in the plugin's Identifier being an obvious spelling mistake. This plugin has been in existence for two to three days, and it is currently unclear how many developers may have inadvertently fallen victim. Supply chain attacks targeting developers are becoming increasingly common, especially in the case of unofficially reviewed VSCode plugins, npm packages, etc., making them prime targets for such attacks.</p></div></body></html>","source":"theblockbeats_live","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>SlowMist CISO: Alert on Suspicious VSCode Plugins amid Proliferation of Supply Chain Attacks Targeting Developers</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nSlowMist CISO: Alert on Suspicious VSCode Plugins amid Proliferation of Supply Chain Attacks Targeting Developers\n</h2>\n\n<h4 class=\"meta\">\n\n\n2025-04-21 19:57 GMT+8&nbsp;&nbsp;&nbsp;<a href=https://www.theblockbeats.info//en/flash/290577><strong>Blockbeats</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>BlockBeats News, April 21st. SlowMist Chief Security Officer 23pds issued a warning to developers through a retweet of X platform user @mrdotparasyte's post, emphasizing the need for increased ...</p>\n\n<a href=\"https://www.theblockbeats.info//en/flash/290577\">Source Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"BK6085","symbol_name":"保健护理产品经销商","start_time":0,"source_url":"https://www.theblockbeats.info//en/flash/290577","article_id":"2529808880","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2529808880","pubTimestamp":1745236620,"columns":[],"sourceInfo":{"source_id":"theblockbeats_live","name":"Blockbeats快讯"},"weMediaInfo":null,"summary":"BlockBeats News, April 21st. SlowMist Chief Security Officer 23pds issued a warning to developers through a retweet of X platform user @mrdotparasyte's post, emphasizing the need for increased vigilan","collect":0,"end_time":0,"defaultTopTitle":"theblockbeats.info","property":[],"viewcount":null,"language":"en","relate_stocks":{"BK6085":"保健护理产品经销商","T43.SI":"云能国际股份","BK6515":"技术设备股"},"translate_title":"SlowMist CISO：针对开发人员的供应链攻击激增，警惕可疑VSCode插件","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"T43.SI":1},"content_text":"BlockBeats News, April 21st. SlowMist Chief Security Officer 23pds issued a warning to developers through a retweet of X platform user @mrdotparasyte's post, emphasizing the need for increased vigilance when installing third-party plugins or packages.Currently, there is a suspicious VSCode plugin named JuanFranBlanco.solidit-vscode, with the term \"solidit\" in the plugin's Identifier being an obvious spelling mistake. This plugin has been in existence for two to three days, and it is currently unclear how many developers may have inadvertently fallen victim. Supply chain attacks targeting developers are becoming increasingly common, especially in the case of unofficially reviewed VSCode plugins, npm packages, etc., making them prime targets for such attacks.","kind":"highlight","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":false,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":1,"code":"91000000","status":"200"}}}