Malicious JetBrains IDE plugins discovered stealing developer AI API keys
Security researchers identified at least 15 malicious plugins distributed through the official JetBrains Marketplace that were engineered to harvest AI API keys and credentials from developers. The plugins reached the marketplace despite its security controls, posing a direct threat to development teams that rely on JetBrains IDEs to build software. The attack highlights supply chain risks in popular development tools used across enterprise and educational environments.
Why it matters in Western Canada: Software development teams at Western Canadian universities, tech companies, and public sector organizations commonly use JetBrains IDEs; compromised API keys could expose cloud infrastructure, AI services, and proprietary code to attackers.
Summary generated from the original advisory. Read the full source: BleepingComputer
- Source: https://www.bleepingcomputer.com/news/security/malicious-jetbrains-marketplace-plugins-steal-ai-api-keys-from-developers/
- CVEs: None listed
- Tags: supply-chain, credentials-theft, ide-security, api-keys, malware
- Provenance: mask2-ti-pipeline (AI-assisted, human-reviewable)