Filter
Exclude
Time range
-
Near
AISecHub
@AISecHub
8 Nov 2025
Ransomvibing appears in VS Code extensions - secureannex.com/blog/ransomv… by @tuckner Vibe coded ransomware has successfully been published to the Visual Studio extension marketplace. It was only a matter of time before ransomware techniques started to be included in VS Code extensions. One of the first overt examples was just discovered published to the Visual Studio Marketplace and it shows obvious signs of it being vibe coded. It utilizes GitHub as a command and control channel while also including exfiltration of encrypted files for potential extortion. This is not a sophisticated example, however, as the command and control server code was accidentally(?) included in the published extension's package along with decryption tools. #AISecurity #Ransomware #VSCode #VisualStudioMarketplace #SoftwareSupplyChain #MaliciousExtensions #IDESecurity #DeveloperSecurity #CommandAndControl #DataExfiltration #GitHubSecurity #ThreatResearch #BlueTeam #SecOps #MalwareAnalysis

Ransomvibing appears in VS Code extensions

Vibe coded ransomware has successfully been published to the Visual Studio extension marketplace

secureannex.com
5
257
Hunt.io
@Huntio
14 Jul 2025
🚩 Malicious Pull Request Compromises VS Code Extension Ethcode thehackernews.com/2025/07/ma… A supply-chain attack slipped two hidden lines into a GitHub PR on June 17, injecting a malicious npm package that triggered a hidden PowerShell downloader, impacting over 6,000 #Ethcode users. Review your installed #VSCode extensions, revoke untrusted or unfamiliar ones, and enable alerts for suspicious GitHub updates. #CyberSecurity #IDEsecurity

Malicious Pull Request Targets 6,000 Developers via Vulnerable Ethcode VS Code Extension

Researchers uncover a supply chain attack targeting the Ethcode VS Code extension, affecting 6,000 users.

thehackernews.com
3
3
641
Hunt.io
@Huntio
9 Jul 2025
🚩 New Flaw in IDEs Lets Malicious Extensions Appear Verified thehackernews.com/2025/07/ne… A security gap in IDEs like Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor lets attackers modify an extension’s properties so it keeps the “verified” badge, even after injecting malicious code, potentially enabling remote code execution through fake trusted plugins. Verify extension sources before installing, avoid sideloaded VSIX files, and let IDE vendors fully enforce signature and verification integrity #IDEsecurity #VSCode #DevSecOps #CyberSecurity

New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status

A security flaw in IDEs like Visual Studio Code lets attackers bypass extension verification, running malicious code on developer machines

thehackernews.com
4
6
582
Mr.Rabbit
@01ra66it
2 Jul 2025
VS Code など IDE の拡張検証が脆弱で、偽装VSIXで Verified バッジを維持しつつ悪意あるコード実行が可能に。PowerShell起動でRCE達成のPoC公開。Marketplace外インストール禁止&拡張監査強化急務。#IDEsecurity #SupplyChain gbhackers.com/ide-extensions…

IDE Extensions Like VSCode Allow Attackers to Bypass Trust Checks and Deliver Malware to Developer...

OX Research conducted a ground-breaking study that revealed concerning security flaws in the extension verification procedures.

gbhackers.com
1
7
762
Load more