www.stepsecurity.io 6/19/2026, 9:16:45 PM · external

15 Malicious JetBrains Plugins Stole AI API Keys from 70,000 Developers

Primary Source blog.jetbrains.com

A coordinated 8-month supply chain attack on the JetBrains Marketplace led to the exposure of API keys from approximately 70,000 developers. Fifteen malicious plugins masqueraded as legitimate AI tools, embedding credential-stealing code that exfiltrated keys to a command-and-control server in Beijing. The attack, which began in late 2025 and was identified on June 16, 2026, triggered a response from JetBrains, including the removal of the plugins and the banning of vendor accounts.

The attacker's server remained operational even after the plugins were removed, which underscores the gravity of the situation. The article outlines the mechanics of the attack, the identification of affected plugins, and the recovery steps developers should take.


Article by CyberSIXT
