P172TECH TEXT NEWS
:
[SECURITY]

JETBRAINS MARKETPLACE PLAGUED BY 15 API KEY-STEALING PLUGINS

AI DESK1 MIN READ
WED, JUN 17, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Researchers discovered at least 15 malicious plugins on the JetBrains Marketplace designed to steal AI API keys from developers. The plugins bypassed security checks and posed as legitimate development tools.

The malicious plugins targeted developers using popular JetBrains IDEs, including IntelliJ IDEA and PyCharm. They were engineered to extract API keys for services like OpenAI, Anthropic, and other AI platforms—credentials that could grant attackers access to expensive API services or sensitive project data. JetBrains removed the plugins after security researchers identified the threat. The incident highlights vulnerabilities in marketplace vetting processes and raises concerns about supply chain attacks targeting developer tools. Developers using JetBrains products should audit installed plugins and review API key exposure. Users should rotate compromised credentials immediately. JetBrains has not disclosed how long the plugins remained available or how many installations occurred before removal. This incident follows similar marketplace security incidents across platforms like VS Code and Chrome, underscoring the persistent risk of malicious extensions targeting developers.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

P183APPLE TO SHIFT HIDE MY EMAIL ADDRESSES TO NEW DOMAIN

Apple plans to move its Hide My Email feature to a different domain in the coming weeks, a change that could reduce the privacy protection the tool currently provides.

2H AGOAI Desk
P175FIFA WORLD CUP FLAW EXPOSED TV STREAM TAKEOVER RISK

A security researcher discovered a critical vulnerability in FIFA's internal systems that could have allowed unauthorized access to modify World Cup television broadcasts. The flaw exposed multiple internal platforms to potential compromise.

8H AGOIndustry Desk
P169STEAM WORKSHOP WEAPONIZED TO SPREAD MALWARE

Threat actors are exploiting Steam Workshop to distribute malware disguised as Wallpaper Engine wallpapers. Users downloading compromised content face infection risks.

8H AGOSecurity Desk
P171ROKAROLLA MALWARE TARGETS 217 BANKING AND CRYPTO APPS

A new Android banking trojan named Rokarolla is actively targeting 217 banking and cryptocurrency applications through an extensive command set. Security researchers have identified the threat as a significant risk to mobile users.

8H AGOSecurity Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.

◄ BACK TO NEWS