Fifteen JetBrains Marketplace Plugins Found Stealing API Keys
Aikido Security has discovered at least 15 IDE plugins on the JetBrains Marketplace
Marketplace security concerns include fraud, account abuse, data exposure, and attacks that compromise online transactions and user accounts.
Search across headline titles and summaries.
Background for this topic.
A marketplace is an online platform that connects buyers and sellers. In security coverage, the term commonly describes legitimate stores for security software, managed services, cloud integrations, and threat-intelligence products, but it can also mean underground markets offering stolen credentials, malware, exploits, or access to compromised systems.
For defenders, legitimate marketplaces introduce supply-chain and third-party risks: a tool may be tampered with, collect more data than expected, or receive excessive access to systems. Evaluate publisher identity, package provenance and signatures, permissions, update practices, data handling, and contractual controls before deployment. Underground-market listings can provide leads about exposed accounts or vulnerabilities, but claims may be fraudulent, and acquiring or handling stolen data can create legal, privacy, and evidentiary problems. Security teams should validate such intelligence through authorized sources and use confirmed exposure to guide credential resets, access revocation, vulnerability remediation, and monitoring.
Weekly headline count for the current query.
Aikido Security has discovered at least 15 IDE plugins on the JetBrains Marketplace
A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace
Spanish police have arrested the suspected administrator of German dark web marketplace Crimenetwork
The UK government has sanctioned Xinbi, described as “the second-largest illicit online marketplace ever”
Fortra researchers have discovered a new SEO poisoning operation known as “HaxorSEO”
A notorious marketplace for fraud, Tudou Guarantee, appears to have closed its public Telegram groups
New SEO poisoning attacks identified, using Hacklink to hijack search rankings and inject malicious links into sites
Operation DEEP Sentinel has shut down Archetyp Market, the longest-running dark web drug marketplace
A report on the dark web marketplace Russian Market showed Acreed has emerged as the leading infostealer
Sophos has observed DragonForce attacking rival ransomware operators including RansomHub as it seeks to expand its reach in the cybercrime marketplace
President Trump has pardoned the founder of original dark web marketplace Silk Road
A European law enforcement operation took down a specialized online marketplace that operated as a central hub for the trade of illegally obtained information
Law enforcers in Germany have taken down dark web marketplace Crimenetwork and arrested a suspected administrator
The “organizer” of notorious dark web drugs marketplace Hydra Market has been handed a life sentence in Russia
The UK’s National Crime Agency has infiltrated the DigitalStress marketplace, which offers DDoS capabilities
Researchers at Elliptic claim multibillion dollar Huione Guarantee platform is enabler of scams and money laundering
US officials say the suspected owner of the prolific Incognito dark web drugs marketplace has been arrested
The FBI claims to have seized the domain and servers of hacking forum BreachForums
Sandu Boris Diaconu was involved in conspiracy to commit access device and computer fraud
German police have dismantled the country’s largest underground marketplace: Crimemarket