The Hacker News

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Researchers found malicious VS Code extensions and Go, npm, and Rust packages stealing developer data via hidden payloads and exfiltration.
TechRadar

Malicious AI-made extension with ransomware capabilities sneaks on to Microsoft's official VS Code marketplace - so devs beware

Malicious VS Code extension ‘susvsex’ acted as ransomware and used GitHub for command control Extension appeared AI-generated, with embedded decryption keys and suspicious metadata Microsoft removed ...

Stealthy browser extensions waited years before infecting 4.3M Chrome, Edge users with backdoors and spyware

A seven-year malicious browser extension campaign infected 4.3 million Google Chrome and Microsoft Edge users with malware, including backdoors and spyware sending people's data to servers in China.
Developer Tech

Malware campaign uses VS Code extensions for A/B testing

A new malware campaign is A/B testing delivery effectiveness on software developers using malicious VS Code extensions.
SecurityWeek

Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors

A threat actor has published over a hundred malicious extensions that can track and profile Chrome and Microsoft Edge users ...