PT-2026-28798

OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not revalidated against current command policy when delivered. Attackers can exploit stale allowlists or declarations that survive policy tightening to execute unauthorized commands...

PT-2026-28215

Hi guys! Recently I got this email from [email protected]. I read through the email and spotted a few grammatical errors, as well as a share.google link, which I thought was unusual for Microsoft to do. Even though it was fully delivered and signed by GitHub.com, I realised that what the...

PT-2026-28128

I just got mass-mentioned in a GitHub Discussion claiming a "Severe Exploit" in Visual Studio Code. This is almost certainly a scam / malware attempt. Here’s why: Suspicious link: https://share.google/not showing you the actual link is not an official Microsoft or VS Code domain. Fake CVE format:...

ide-task-rce

⚡ IDE Folder-Open RCE: Automatic Task Execution Vulnerability...

Agent Audit: A Security Analysis System for LLM Agent Applications

What should a developer inspect before deploying an LLM agent: the model, the tool code, the deployment configuration, or all three? In practice, many security failures in agent systems arise not from model weights alone, but from the surrounding software stack: tool functions that pass untrusted...

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious Microsoft Visual Studio Code VS Code projects. The use of VS Code "tasks.json" to distribute malware...

CVE-2026-32732

CVE-2026-32732 describes an XSS issue in Lean 4 VS Code Extension caused by the @leanprover/unicode-input-component. The component re-inserted text into the input element as unescaped HTML, making versions 0.1.9 and earlier vulnerable. The issue affects projects using the affected component and c...

CVE-2026-32732 XSS in @leanprover/unicode-input-component

Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...

PT-2026-25402

Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...

Contagious Interview: Malware delivered through fake developer job interviews

Microsoft Defender Experts has observed the Contagious Interview campaign, a sophisticated social engineering operation active since at least December 2022. Microsoft continues to detect activity associated with this campaign in recent customer environments, targeting software developers at...

Contagious Interview: Malware delivered through fake developer job interviews

Microsoft Defender Experts has observed the Contagious Interview campaign, a sophisticated social engineering operation active since at least December 2022. Microsoft continues to detect activity associated with this campaign in recent customer environments, targeting software developers at...

CVE-2026-28353

Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. In Trivy VSCode Extension version 1.8.12, which was distributed via OpenVSX marketplace was compromised and contained malicious code designed to leverage local AI coding agent to collect and exfiltrate sensitive...

PT-2026-23503

Name of the Vulnerable Software and Affected Versions Trivy Vulnerability Scanner VS Code Extension version 1.8.12 Description The Trivy Vulnerability Scanner VS Code extension was compromised with malicious code in version 1.8.12, distributed through the OpenVSX marketplace. This malicious code...

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs

Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code VS Code extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely. The extensions, which have been collectively...

CVE-2025-65715

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...

CVE-2025-65716

An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file...

CVE-2025-65717

An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page...

CVE-2025-65715

An issue in the code-runner.executorMap setting of Visual Studio Code Extensions Code Runner v0.12.2 allows attackers to execute arbitrary code when opening a crafted workspace...

CVE-2025-65717

An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page...

CVE-2025-65717

An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page...