Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code VS Code extensions that are advertised as artificial intelligence AI-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers. The extensions, which have 1.5...

CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency CISA has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities KEV catalog. The vulnerability, tracked as CVE-2025-8110 CVSS score: 8.7, relates to a case of path...

PT-2022-11500 · Luna Simo · Luna Simo

Name of the Vulnerable Software and Affected Versions: Luna Simo PPR1.180610.011/202001031830 Description: An issue was discovered in Luna Simo where it sends Personally Identifiable Information PII in plaintext using HTTP to servers located in China. The PII includes the user's list of installed...