Recognized in the Open VSX Security Hall of Fame
Earlier this month, the Eclipse Foundation added Yeeth Security to the Open VSX Security Hall of Fame as the standalone organization in the Security guardians category. The hall of fame “recognises individuals and organisations that have helped protect the Open VSX ecosystem through responsible vulnerability disclosure,” and Yeeth Security is proud to be providing AI-enhanced malware detection and threat intelligence for IDE extensions and developer ecosystems.
This is a major milestone in our journey, as Open VSX is the registry behind increasingly popular IDEs like Cursor, VSCodium, and Eclipse. Recognition from the Open VSX maintainers, alongside the other guardians on that page, is confirmation that the way we have approached this problem is the right way.
This post is a brief tour through the public-facing work that led here, and where it’s going next.
What We’ve Shipped
The Open VSX threat surface has been Yeeth’s focus since we started writing about it in 2025. Each campaign on the list below was investigated by our team, confirmed against samples in the marketplace, reported through Open VSX’s responsible-disclosure channels, and written up here for the broader community.
- WhiteCobra (September 2025) — The first major campaign post on this blog. A coordinated cluster of Solidity-themed extensions targeting blockchain developers.
- SleepyDuck Strikes Again (November 2025) — A return of the SleepyDuck family, this time staging credential-harvesting login overlays inside Open VSX listings.
- RustImplant (December 2025) — A native-binary implant smuggled inside an extension, written in Rust to evade JavaScript-only static analysis.
- Secret Scanning with Aho-Corasick (December 2025) — Not a campaign post, but the technical writeup of the algorithm Yeeth uses to do thousand-pattern secret scanning at scale. The systems work that makes the threat-intel work possible.
- PackRAT (March 2026) — The first public dissection of an extensionPack-as-distribution-channel campaign. Nineteen apparently-benign distribution extensions chaining to three malicious payloads through VS Code’s own pack-installation flow.
- GhostDrop (March 2026) — 174 GitHub accounts created in a five-hour window on March 11, all publishing to Open VSX nine days later. Pre-positioning at scale, caught before the payload phase landed.
- Francesca898 (April 2026) — A cross-platform dropper campaign using empty GitHub repositories’ release pages as the delivery channel. Native binaries for Windows and macOS, payload fetched on extension activation.
- GLASSWORM Forensics (April 2026) — Sixteen extensions in 48 hours, sixteen different publishers, sixteen different displayed purposes, one threat actor. The first public post about Bane, our threat-intelligence knowledge graph that performs actor-level attribution where surface-similarity tools cannot.
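The PackRAT entry above turns on one mechanism: an extension pack carries no code of its own, but its `extensionPack` manifest field makes VS Code install every listed member, and those members can list further members. As an added example that is not part of the original post, the resolver below walks that field transitively so a reviewer sees the whole chain and which members actually ship code; the manifests and extension ids are constructed sample data.

```javascript
// Added example (not Yeeth's or Open VSX's code). Resolves the transitive set of
// extensions an extension pack pulls in through the `extensionPack` manifest
// field, which VS Code's pack-installation flow follows automatically.
// All manifests and ids below are constructed for the example.
const manifests = {
  "demo.solidity-pack": {
    name: "solidity-pack", publisher: "demo",
    extensionPack: ["demo.solidity-tools", "demo.solidity-theme"],
  },
  "demo.solidity-tools": {
    name: "solidity-tools", publisher: "demo",
    extensionPack: ["demo.helper-runtime"],
    main: "./out/extension.js",
  },
  "demo.solidity-theme": { name: "solidity-theme", publisher: "demo", contributes: { themes: [] } },
  "demo.helper-runtime": {
    name: "helper-runtime", publisher: "demo",
    main: "./out/main.js", activationEvents: ["*"],
    extensionPack: ["demo.not-in-registry"], // member not present in our registry snapshot
  },
};

// Breadth-first walk over extensionPack edges. Returns a Map of every reached id
// to its depth below the root, whether we could resolve its manifest, whether it
// ships an entry point, and whether it activates on every startup.
function resolvePack(rootId, registry) {
  const seen = new Map();
  const queue = [[rootId, 0]];
  while (queue.length) {
    const [id, depth] = queue.shift();
    if (seen.has(id)) continue; // cycles and shared members are visited once
    const m = registry[id];
    seen.set(id, {
      depth,
      resolved: Boolean(m),
      hasCode: Boolean(m && m.main),
      activatesOnStartup: Boolean(m && (m.activationEvents || []).includes("*")),
    });
    for (const dep of (m && m.extensionPack) || []) queue.push([dep, depth + 1]);
  }
  return seen;
}

// Members other than the pack itself that carry executable code; these are the
// artifacts a reviewer should open, since the pack manifest alone looks benign.
function codeBearingMembers(rootId, registry) {
  return [...resolvePack(rootId, registry)]
    .filter(([id, info]) => id !== rootId && info.hasCode)
    .map(([id, info]) => ({ id, depth: info.depth, activatesOnStartup: info.activatesOnStartup }));
}
```

A member that cannot be resolved from the registry snapshot is reported with `resolved: false` rather than dropped, since a pack pointing at an extension that does not exist yet is itself worth a look.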
That list is the public face of the same workflow that runs every day in the background: scan submissions, characterize what’s malicious, attribute clusters, ship rules.
What It Looks Like Behind the Scenes
The work behind the public posts starts with a scanning pipeline that has to run reliably against every artifact submitted to Open VSX. Next, an analysis layer has to produce findings fast enough to keep up with the rapid iteration adversaries apply when evolving their campaigns. Finally, an attribution layer has to tell whether the thing in front of us is a new actor or a known one wearing a new costume.
Argus, our scanning platform, has been consistently monitoring Open VSX and using Bane as the lineage-and-attribution layer, mapping per-artifact verdicts onto threat-actor groups by matching on behavior preserved across surface variation. The dev-guard extension carries the detection signal back to developers inside the IDE, where decisions actually get made.
This stack is what lets a campaign post like the GLASSWORM writeup name not just “sixteen malicious extensions” but the cluster they belong to and the earlier wave they share infrastructure with.
What This Recognition Validates
Responsible disclosure is the right channel for this work - Every Yeeth campaign post above corresponds to an Open VSX disclosure that landed before the post landed. Open VSX takes the report, removes the artifact, and the post goes up. That cadence is only possible because the maintainers on the other end run a real disclosure process. Their hall of fame exists because they think this kind of partnership is worth recognizing publicly. We agree.
Adversary attribution belongs in the open - Threat actors operate on the assumption that the supply chain review surface is shallow, with no attribution and no deeper research behind it. The longer we keep linking GLASSWORM to Francesca898 to the next trend, the less that assumption holds. The hall of fame is one more way of doing that publicly.
What’s Next
Argus is a production scanning layer available for a free trial. We have significantly more work ahead of us but we maintain a disciplined cadence on delivery. If you maintain a registry, an IDE, or an extension and want to compare notes, contact@yeethsecurity.com reaches us.
Thank you to the Open VSX maintainers for the recognition, and for the disclosure process behind it!