⚠️ Came across something eye opening right now, and you should probably audit all installed extensions in your IDE. I was searching packages in Cursor and found one that is impersonating the official Tailwind CSS extension. 🧵

Is there a malicious solidity VSCode extension? It seems the version from `juan-blanco` has more downloads/better reviews, despite being new. The version from `juanblanco` has bad reviews, less downloads, but longer history. The newer version DID NOT WORK, so I looked further. 🧵

🙄🙄🙄

🆕 YARA module this week: Chrome extension bundles! Would be pretty cool to add Mandiant's Permission Hash to the module's output for pivoting fun! Secure Annex exposes Permhash's in their UI/API so this would be a nice CLI format

More energized than ever after a week in Vegas Got the opportunity to give my first talk at summer camp which checks a box on my bucket list. Thankful for everyone I met, folks I got to catch up with, and the discussions that were had!

This is a true YOLO move

Another Open VSX extension removed today. Same code and same callback endpoint. ethfoundry.solidityethereum app.secureannex.com/extensions/sea…

Knows which extensions are malware but won't display it in Google admin or remove them from the web store. What does that tell you?