AI Plugins Steal Developer API Keys
カートのアイテムが多すぎます
カートに追加できませんでした。
ウィッシュリストに追加できませんでした。
ほしい物リストの削除に失敗しました。
ポッドキャストのフォローに失敗しました
ポッドキャストのフォロー解除に失敗しました
AI Plugins Steal Developer API Keys
-
ナレーター:
-
著者:
Security researchers uncovered a massive malware operation disguised as AI coding plugins in the JetBrains Marketplace, targeting developers with stolen API keys. Fifteen plugins, under seven fake vendor names, racked up nearly 70,000 downloads by masquerading as helpful AI assistants. The campaign, active since late 2023, slipped past security checks until June 2024. These tools not only tricked users with useful features but also harvested credentials to fuel a black market for stolen compute power—charging users while secretly stealing keys from free accounts. The fallout? Millions in breach costs and a glaring flaw in how we manage digital identities. It’s a wake-up call for tighter oversight and smarter security in developer tools.
Support the show:
Get a discount at https://solipillow.com/discount/dnn.
Advertise on DNN:
advertise@thednn.ai
This is an automated, high-level news summary based on public reporting.
Report issues to feedback@thednn.ai.
View sources & latest updates:
https://sources.thednn.ai/cb7234c79cbbee6f