Back
67· Active
Technology4d 1h ago
Security firm Aikido Security discovered malicious plug-ins in the JetBrains Marketplace that intercept API keys from AI services.
JetBrains Marketplace
Who
Aikido Security, JetBrains Marketplace, BleepingComputer
What
Security firm Aikido Security discovered malicious plug-ins in the JetBrains Marketplace that intercept API keys from AI services.
When
Wed, 17 Jun 2026 07:32:51 GMT · 4d 1h ago
Where
JetBrains Marketplace ·
Why
The plug-ins, disguised as AI assistants, secretly sent entered API keys from services like OpenAI, DeepSeek, or SiliconFlow to an external server controlled by attackers.
The Frontline Impact
How this affects you
Malicious plug-ins in the JetBrains Marketplace have stolen API keys from AI services across nearly 70,000 installations, potentially compromising user accounts and financial resources linked to these keys. Developers are advised to review installed AI plug-ins and replace API keys if they used any of the affected extensions.
Story chain
1 event in this threadNo related history yet - this is the origin event.
Verified Sources & Citations
Credibility ratings reflect the AI ingestion pipeline's assessment of source provenance.