VS Code tasks.json abuse enables multi-stage infostealer deployment
12d ago
Source
ThreatLockerVS Code tasks.json abuse enables multi-stage infostealer deploymentthreatlocker.comThreatLocker Threat Intelligence analyzes a malicious VS Code attack that abuses workspace trust to execute obfuscated commands, install Node.js dependencies, and deploy a feature-rich infostealer targeting sensitive data.
You might also wanna read
North Korean Hackers Exploit Visual Studio Code to Deploy Backdoor Malware via Git Repositories
Jamf Threat Labs has identified North Korean threat actors expanding their abuse of Microsoft Visual Studio Code to deploy backdoor malware.
Snyk uncovers supply chain security vulnerabilities in Visual Studio Code extensions
Snyk·5y ago
Malicious VS Code AI Extensions with 1.5M Installs Secretly Harvest Developer Codebases
Two popular VS Code AI coding extensions with 1.5 million installs have been identified as malicious, secretly harvesting developers' entire
VS Code Remote-SSH Vulnerability Enables Lateral Movement from Developer Machines to Cloud Servers
A critical vulnerability in Visual Studio Code's Remote-SSH extension creates a post-compromise attack path enabling threat actors to pivot
cybersecuritynews.com·1mo agoVS Code vulnerability in github.dev allows attackers to steal GitHub OAuth tokens via malicious links
Security researcher Ammar Askar released exploit code for a Visual Studio Code vulnerability that can steal GitHub OAuth tokens when a victi
North Korean Hackers Target Developers via GitHub with Fake Recruitment Lures and Malicious VS Code Projects
Researchers have uncovered UNK_DeadDrop, a North Korea-linked phishing campaign that targets developers on GitHub using fake recruitment and
hendryadrian.com·22d ago
Comments
Sign in to join the conversation.
No comments yet. Be the first.