VulnHub

Real-time Cybersecurity News

Malicious JetBrains Marketplace plugins steal AI API keys from developers

BleepingComputer
Actively Exploited

Overview

Researchers have identified at least 15 malicious plugins on the JetBrains Marketplace that are specifically designed to steal AI API keys from developers. These plugins masquerade as legitimate tools, but once installed, they can access sensitive information, putting developers' projects and data at risk. This incident affects anyone using the JetBrains development environment who may unknowingly install these harmful plugins. The theft of API keys can lead to unauthorized access to AI services, potentially resulting in financial losses and compromised projects. Developers are urged to review their installed plugins and ensure they are from trusted sources to protect their work.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: JetBrains Marketplace plugins
  • Action Required: Developers should uninstall any suspicious plugins and only install those from verified sources.
  • Timeline: Newly disclosed

Original Article Summary

At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. [...]

Impact

JetBrains Marketplace plugins

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Developers should uninstall any suspicious plugins and only install those from verified sources. Regularly reviewing and updating installed plugins is recommended.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Read Original Article

Related Coverage

Security Community Slams US Ban on Exporting Mythos, Fable

darkreading

A group of security experts has expressed strong opposition to the U.S. government's recent ban on exporting Anthropic's AI models, specifically Claude Fable 5 and Mythos 5. In an open letter, the experts argue that these export restrictions hinder progress in the field of artificial intelligence and could have negative implications for research and development. They believe that limiting access to these advanced models could stifle innovation and collaboration among researchers. This situation raises concerns about the balance between national security and the advancement of technology, as the ban could impact various sectors that rely on AI advancements. The experts are urging the government to reconsider these restrictions to foster a more open and collaborative environment in AI research.

Jun 16, 2026

New Rokarolla Android malware targets 217 banking, crypto apps

BleepingComputer

A new Android banking trojan named Rokarolla has emerged, targeting 217 banking and cryptocurrency applications. This malware operates with a sophisticated toolkit, utilizing 137 different commands to carry out its operations. Users of affected apps may be at risk of having their sensitive financial information compromised. As cybercriminals continue to develop more advanced tactics, it's crucial for users to stay vigilant and ensure they have proper security measures in place. The rise of such malware highlights the ongoing threat to mobile banking and cryptocurrency platforms, making it essential for both users and developers to prioritize security.

Jun 16, 2026

'Lorem Ipsum' Malware Pivots to ClickFix Delivery

darkreading

Recent analysis has revealed that a malware campaign, previously known as 'Lorem Ipsum', is now distributing a tool called ClickFix through compromised WordPress sites. This campaign is suspected to be linked to the ransomware and data extortion group Vice Society. Organizations that rely on WordPress for their websites may be particularly vulnerable, as attackers exploit these compromised platforms to deliver malicious payloads. The implications of this shift are significant, as it not only demonstrates the evolving tactics of cybercriminals but also raises concerns for businesses and their data security. Companies should take precautions to secure their WordPress sites and monitor for any unusual activity.

Jun 16, 2026

CISA warns of another cPanel plugin flaw exploited in attacks

BleepingComputer

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an actively exploited vulnerability in the LiteSpeed cPanel user-end plugin, identified as CVE-2026-54420. This flaw poses a significant risk to U.S. government servers, prompting CISA to give agencies just three days to secure their systems. Attackers can exploit this vulnerability to gain unauthorized access, which could lead to data breaches or other malicious activities. The urgency of the warning highlights the need for prompt action to protect sensitive information and maintain system integrity. Agencies are advised to take immediate steps to patch their systems against this threat.

Jun 16, 2026

Ransomware gang abuses Microsoft Teams relays to hide malicious traffic

BleepingComputer

The DragonForce ransomware group has been found using a custom malware called 'Backdoor.Turn' to conceal their command-and-control traffic within Microsoft Teams relays. This tactic allows them to mask their activities, making it harder for security measures to detect their malicious actions. By leveraging the infrastructure of a widely-used collaboration tool, they are able to blend in with legitimate traffic, posing a significant challenge for cybersecurity professionals. This development raises concerns for organizations that utilize Microsoft Teams, as it highlights the potential for trusted platforms to be exploited for harmful purposes. Companies should remain vigilant and enhance their monitoring efforts to detect any unusual activities that could indicate an attack.

Jun 16, 2026

China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth

The Hacker News

Cybersecurity researchers have discovered new Windows versions of a backdoor known as SprySOCKS, which was previously thought to be limited to Linux systems. The variants, labeled WIN_DRV and WIN_PLUS, contain hard-coded command-and-control configurations and can communicate over TCP and UDP protocols. This development raises concerns as it indicates that attackers, likely linked to China, are expanding their malware capabilities to target Windows users. The existence of these variants could pose significant risks to organizations using Windows operating systems, as they may be vulnerable to unauthorized access and control. Users and companies should remain vigilant and update their security measures to prevent potential exploitation.

Jun 16, 2026