Secure Annex (@secureannex) 's Twitter Profile
Secure Annex

@secureannex

Discover what is hiding in your browser extensions

ID: 1810075589979832320

Website: https://secureannex.com | Joined: 07-07-2024 22:17:17

22 Tweets

99 Followers

5 Following

tuckner (@tuckner)

VS Code extension analysis!

Secure Annex is no longer just browser extensions in Chrome, Edge & Firefox. Analyze and monitor VS Code extensions all in one platform.

For as terrifying as browser extensions stealing cookies are, IDE extensions basically run in the command line!
Hashtagcyber(truck) (@hashtagcyber)

tuckner Secure Annex Ok - this needs to go on my todo list now:
- if you have a SWG, it should be possible to insert a call to Secure Annex to block low trust installs
- if you have osquery, it should be possible to hunt/detecc as part of a pipeline (support for browser extension and vscode

tuckner (@tuckner)

🚨 NEW: Health scores are live in Secure Annex!

0-100 ratings for aspects of extensions that consider current attributes and past events like:

Ownership changes
Publisher verification status
Web store visibility
Update frequency
+++
Level Effect, LLC. (@level_effect)

Want to know how insecure your browser extensions really are? youtube.com/watch?v=rFlxk8… Recording up from last week where we interview tuckner, founder of Secure Annex, and his workshop he is bringing to ContinuumCon June 20 of "Demystifying Browser Extensions". A lot of

tuckner (@tuckner)

800,000 users have the extensions StayFree and StayFocusd which provide usage statistics of websites. What comes with that? Collection of clickstream data on behalf of Sensor Tower, an adtech firm, which seems to inject ads into pages also.

Recon InfoSec (@recon_infosec)

Going to have a great guest this week on #ThursDef to discuss Browser Extension Security. tuckner of Secure Annex will be joining us. Bring your best questions, we've got a pro! Get registered at reconinfosec.com/thursday-defen… #ThursDef #ThursdayDefensive #cybersecurity #infosec

tuckner (@tuckner)

Cursor and Windsurf often install extensions from Open VSX instead of the VS Marketplace. I found a blatantly malicious extension published which makes me wonder if it is safe. secureannex.com/blog/these-vib…

tuckner (@tuckner)

Nearly 1,000,000 browsers have become unwitting request brokers due to browser extension publishers including a monetization library called Mellowtel. Extensions utilizing permissions already accepted by users now load hidden iframes which connect to services for others. Blog 👇

b-bot (@b_b0t)

⚠️ Came across something eye opening right now, and you should probably audit all installed extensions in your IDE. I was searching packages in Cursor and found one that is impersonating the official Tailwind CSS extension. 🧵

tuckner (@tuckner)

Secure Annex has been developing an MCP server to help folks understand browser extensions without having to install, download, or reverse them. Just ask questions about any extension and it will analyze enriched data while also digging files. If you're interested, get in touch!

Mozilla Add-ons (@mozamo)

🚨 PSA for Firefox 🔥 add-on developers 🚨 There's a phishing campaign that's using false urgency to trick developers into granting a 3rd party access to their AMO accounts. Stay safe out there! blog.mozilla.org/addons/2025/08…

zodomo/ (🌍,💻) (@0xzodomo)

Is there a malicious solidity VSCode extension? It seems the version from `juan-blanco` has more downloads/better reviews, despite being new. The version from `juanblanco` has bad reviews, less downloads, but longer history. The newer version DID NOT WORK, so I looked further. 🧵

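
The publisher-ID comparison in the thread above (`juan-blanco` versus `juanblanco`, a newer listing with more downloads than the one with the longer history) is a check that can be automated. The script below is an added example, not Secure Annex code or the thread author's method: it collapses publisher IDs to a normalized skeleton so look-alikes collide, picks the earliest listing in each colliding group as the incumbent, and flags every other publisher, marking separately the "popular newcomer" case where the newer listing also out-installs the incumbent. The install counts and dates are constructed for the example and are not the real marketplace figures; the confusable-character table is an assumption you would tune for your own marketplace.

```python
"""Flag look-alike publisher IDs among extension marketplace listings.

Added example for the thread above; not Secure Annex code. Install counts
and dates are constructed, not real marketplace data.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

# Separators are dropped and common digit-for-letter swaps folded so that
# IDs differing only in punctuation or look-alike characters collide.
# Assumed table for illustration; extend for your own marketplace.
CONFUSABLE = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
    "-": "", "_": "", ".": "",
})


@dataclass(frozen=True)
class Listing:
    publisher: str
    name: str        # extension name, e.g. "solidity"
    installs: int
    published: date  # first publication date of the listing


def skeleton(publisher: str) -> str:
    """Normalize a publisher ID so that look-alike IDs map to one string."""
    return publisher.lower().translate(CONFUSABLE)


def find_lookalikes(listings):
    """Return one finding per publisher that collides with an older publisher.

    Listings are grouped by (publisher skeleton, extension name). In any
    group holding two or more distinct publishers, the earliest-published
    listing is the incumbent and every other listing is flagged. A flagged
    listing with more installs than the incumbent is the case a user who
    sorts by download count is most likely to pick, so it is marked.
    """
    groups = defaultdict(list)
    for listing in listings:
        groups[(skeleton(listing.publisher), listing.name.lower())].append(listing)

    findings = []
    for (_, ext_name), group in groups.items():
        if len({item.publisher for item in group}) < 2:
            continue
        incumbent = min(group, key=lambda item: item.published)
        for listing in group:
            if listing is incumbent:
                continue
            findings.append({
                "extension": ext_name,
                "incumbent": incumbent.publisher,
                "newcomer": listing.publisher,
                "popular_newcomer": listing.installs > incumbent.installs,
            })
    return findings


# Constructed listings mirroring the thread's description (older publisher
# with fewer installs, newer look-alike with more). Figures are invented.
SAMPLE_LISTINGS = [
    Listing("juanblanco", "solidity", 1_000_000, date(2016, 1, 1)),
    Listing("juan-blanco", "solidity", 1_500_000, date(2025, 6, 1)),
    Listing("ms-python", "python", 90_000_000, date(2016, 1, 1)),
]

if __name__ == "__main__":
    for finding in find_lookalikes(SAMPLE_LISTINGS):
        print(finding)
```

Run it against an export of the listings you care about (a marketplace search result, or the set of extensions your fleet actually has installed) and treat a `popular_newcomer` hit as the one to open first; the skeleton match alone is a weak signal, since a legitimate publisher may own both spellings.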
Daniel Stinson (@shellcromancer)

🆕 YARA module this week: Chrome extension bundles!

Would be pretty cool to add Mandiant's Permission Hash to the module's output for pivoting fun! Secure Annex exposes Permhashes in their UI/API so this would be a nice CLI format
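
The pivot the post above describes works because a digest over an extension's declared permissions is stable across bundles that were built from the same template. The code below is an added example and is not code from the post, Secure Annex, Mandiant or the YARA module's author: it gathers the permission strings from a Chrome `manifest.json`, reduces them to a SHA-256 fingerprint, and clusters extensions that share one. The canonicalization used here (collect `permissions`, `optional_permissions` and `host_permissions`, de-duplicate, sort, newline-join) and the `HIGH_IMPACT` list are assumptions for illustration; the function is not claimed to reproduce Mandiant's Permhash digest byte for byte. The manifests and extension IDs are constructed.

```python
"""Permission fingerprint for Chrome extension manifests.

Added example, not Secure Annex, Mandiant Permhash or YARA-module code.
The canonicalization below is an assumption chosen for illustration and
does not claim to match Permhash output.
"""
import hashlib
import json
from collections import defaultdict

# Permissions worth a second look in any cluster. Constructed list for the
# example, not a Secure Annex scoring rule.
HIGH_IMPACT = {"cookies", "webRequest", "webRequestBlocking", "<all_urls>",
               "debugger", "nativeMessaging", "history", "tabs"}


def declared_permissions(manifest: dict) -> list[str]:
    """Collect every permission string a manifest declares.

    Manifest v2 kept host patterns inside ``permissions``; v3 moved them to
    ``host_permissions``. All three keys are gathered so a v2 and a v3 build
    of the same extension fingerprint alike. Non-string entries (allowed in
    v2) are JSON-serialised with sorted keys so they hash deterministically.
    """
    perms = []
    for key in ("permissions", "optional_permissions", "host_permissions"):
        for entry in manifest.get(key, []):
            perms.append(entry if isinstance(entry, str)
                         else json.dumps(entry, sort_keys=True))
    return perms


def permission_fingerprint(manifest: dict) -> str:
    """SHA-256 hex digest over the sorted, de-duplicated permission list."""
    canonical = "\n".join(sorted(set(declared_permissions(manifest))))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def cluster_by_fingerprint(manifests: dict[str, dict]) -> dict[str, list[str]]:
    """Group extension IDs that share a fingerprint; this is the pivot."""
    clusters = defaultdict(list)
    for ext_id, manifest in manifests.items():
        clusters[permission_fingerprint(manifest)].append(ext_id)
    return {fp: sorted(ids) for fp, ids in clusters.items()}


def high_impact(manifest: dict) -> set[str]:
    """Declared permissions that appear in the HIGH_IMPACT watch list."""
    return HIGH_IMPACT & set(declared_permissions(manifest))


# Constructed manifests with placeholder IDs; not real web-store extensions.
SAMPLE_MANIFESTS = {
    "ext_a": {
        "manifest_version": 3,
        "permissions": ["storage", "tabs", "cookies"],
        "host_permissions": ["<all_urls>"],
    },
    "ext_b": {  # v2 build declaring the same effective permission set
        "manifest_version": 2,
        "permissions": ["<all_urls>", "cookies", "storage", "tabs"],
    },
    "ext_c": {
        "manifest_version": 3,
        "permissions": ["storage"],
    },
}

if __name__ == "__main__":
    for fp, ids in cluster_by_fingerprint(SAMPLE_MANIFESTS).items():
        print(fp[:16], ids, high_impact(SAMPLE_MANIFESTS[ids[0]]))
```

Feed it the `manifest.json` from each unpacked bundle and the fingerprint becomes a join key: a cluster whose members also share `high_impact` output is where to start reading code. Because the digest is over the sorted set, two publishers who list the same permissions in a different order still land in one cluster, which is the property you want when hunting for re-skinned copies of the same extension.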
tuckner (@tuckner)

Cursor is now using Open VSX to install code editor extensions from. You must understand the implications of this right now. There has been an attack campaign happening for more than a month with extensions that install ScreenConnect. Below is ANOTHER example.

tuckner (@tuckner)

Another Open VSX extension removed today. Same code and same callback endpoint.

ethfoundry.solidityethereum

app.secureannex.com/extensions/sea…
Secure Annex (@secureannex)

Knows which extensions are malware but won't display it in Google admin or remove them from the web store. What does that tell you?