malware

Fifteen malicious IDE plugins on the JetBrains Marketplace, posing as AI coding assistants powered by DeepSeek and OpenAI, have been silently exfiltrating AI API keys since October 2025. Researchers say the plugins are still live and the install count has passed 70,000.