4Products·Jun 17
15 Malicious JetBrains Plugins Caught Stealing DeepSeek, OpenAI API Keys
Security researchers discovered several malicious plugins for JetBrains development environments designed to exfiltrate proprietary AI API keys from user systems. These extensions targeted developers by harvesting credentials, potentially allowing attackers to access private codebases or incur unauthorized usage costs on cloud-based AI services. Users are advised to audit their installed plugins and revoke any compromised keys.
Covered by 3 sources
- TThe Hacker News↗Jun 17
- HHacker News↗sschuellerJun 17
- HHackread↗Jun 17