extension security
-
Critical flaws found in four Visual Studio Code extensions
Researchers disclosed multiple high severity vulnerabilities in four popular Visual Studio Code extensions with more than 125 million installs. Several flaws remain unpatched and one extension was silently fixed by Microsoft in version 0.4.16.
-
Malicious Open VSX extension delivers SleepyDuck RAT and uses Ethereum contract for fallback control
Researchers warned that a malicious Open VSX extension, juan-bianco.solidity-vlang, installs a SleepyDuck remote access trojan that uses an Ethereum smart contract and a fallback RPC mechanism to update its command-and-control details.
