Coding
Open VSX rotates access tokens used in supply-chain malware attack
The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in a supply chain attack. The leak was discovered by Wiz researchers two weeks ago, when they reported an exposure of over 550 secrets across Microsoft VSCode and Open VSX marketplaces. Some […]
PhantomRaven attack floods npm with credential-stealing packages
An active campaign named ‘PhantomRaven’ is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials. The activity started in August and deployed 126 npm packages that counted more than 86,000 downloads. The Node Package Manager (NPM) is the default package manager for Node.js, used by JavaScript developers […]
Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities
The latest releases of Cursor and Windsurf integrated development environments are vulnerable to more than 94 known and patched security issues in the Chromium browser and the V8 JavaScript engine. An estimated 1.8 million developers, the userbase for the two IDEs, are exposed to the risks. Ox Security researchers explain that both development environments are built on old software […]
‘WhiteCobra’ floods VSCode market with crypto-stealing extensions
A threat actor named WhiteCobra has targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. The campaign is ongoing as the threat actor continuously uploads new malicious code to replace the extensions that are removed. In a public post, core Ethereum developer Zak Cole […]
Cursor AI editor lets repos “autorun” malicious code on devices
A weakness in the Cursor code editor exposes developers to the risk of automatically executing tasks in a malicious repository as soon as it’s opened. Threat actors can exploit the flaw to drop malware, hijack developer environments, or steal credentials and API tokens, without developers having to execute any commands. Cursor is an AI-powered Integrated Development Environment (IDE) built […]
Flaw in Gemini CLI AI coding assistant allowed stealthy code execution
A vulnerability in Google’s Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data from developers’ computers using allowlisted programs. The flaw was discovered and reported to Google by the security firm Tracebit on June 27, with the tech giant releasing a fix in version 0.1.14, which became available on July 25. Gemini CLI, […]
LameHug malware uses AI LLM to craft Windows data-theft commands in real-time
A novel malware family named LameHug is using a large language model (LLM) to generate commands to be executed on compromised Windows systems. LameHug was discovered by Ukraine’s national cyber incident response team (CERT-UA) and attributed the attacks to Russian state-backed threat group APT28 (a.k.a. Sednit, Sofacy, Pawn Storm, Fancy Bear, STRONTIUM, Tsar Team, Forest Blizzard). The […]
Microsoft open-sources VS Code Copilot Chat extension on GitHub
Microsoft has released the source code for the GitHub Copilot Chat extension for VS Code under the MIT license. This provides the community access to the full implementation of the chat-based coding assistant, including the implementation of “agent mode,” what contextual data is sent to large language models (LLMs), and the design of system prompts. The GitHub repository […]
Google takes on Cursor with Firebase Studio, its AI builder for vibe coding
Google has quietly launched Firebase Studio, which is a cloud-based AI-powered integrated development environment that lets you build full-fledged apps using prompts. Google’s Firebase Studio comes at an interesting time when Cursor AI is storming the “vibe coding” trend. Cursor AI, reportedly valued at $10 billion, is an AI-powered integrated development environment that integrates AI features directly into the […]
VSCode extensions found downloading early-stage ransomware
Two malicious VSCode Marketplace extensions were found deploying in-development ransomware, exposing critical gaps in Microsoft’s review process. The extensions, named “ahban.shiba” and “ahban.cychelloworld,” were downloaded seven and eight times, respectively, before they were eventually removed from the store. It is notable that the extensions were uploaded onto the VSCode Marketplace on October 27, 2024 (ahban.cychelloworld) […]