ALL POSTS

Key Findings Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions with over 125 million collective installs. The vulnerable extensions are Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview. If successfully exploited, these vulnerabilities could allow threat actors to steal local files and execute code remotely. The researchers warn that a single malicious exte

Key Findings A malicious Microsoft Visual Studio Code (VS Code) extension named "ClawdBot Agent - AI Coding Assistant" has been discovered on the official Extension Marketplace. The extension claims to be a free artificial intelligence (AI) coding assistant for the popular open-source project Moltbot, but it stealthily drops a malicious payload on compromised hosts. The extension was published by a user named "clawdbot" on January 27, 2026 and has since been taken down by Mic

Key Findings Two malicious Microsoft Visual Studio Code (VS Code) extensions, disguised as AI-powered coding assistants, have over 1.5 million combined installs and are stealing developer source code. The extensions, "ChatGPT - 中文版" and "ChatGPT - ChatMoss（CodeMoss）", capture every file being opened and every source code modification, and send the data to servers located in China without user knowledge or consent. The extensions also incorporate real-time monitoring and devic

Key Findings Cybersecurity researchers have discovered a new set of three Visual Studio Code (VS Code) extensions associated with the GlassWorm malware campaign. The extensions, with thousands of downloads, are still available for download and are being used to harvest credentials, drain cryptocurrency wallets, and drop remote access tools. The malware uses invisible Unicode characters to hide malicious code, allowing it to evade detection and create a self-replicating worm-l

Background Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities. The extension, named "susvsex," was uploaded on November 5, 2025, by a user named "suspublisher18." The extension was designed to automatically activate itself on any event, including installing or when launching VS Code, and invoke a function named "zipUploadAndEncrypt." Extension Functionality The "zipUploadAndEncrypt" function creates a Z