Fake Windsurf IDE Extension Uses Solana Blockchain to Steal Developer Data
Cybersecurity researchers at Bitdefender have discovered a malicious Windsurf IDE extension using the Solana blockchain to steal developer credentials...
EUVD-2025-198322
Malicious code in @ra-ide/extension-ui npm...
Malicious code in @ra-ide/extension-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a7aa2bba6ddffad751c19fd8291861f53b9994814f0cecb8925b7c2d5c87ae5 The package @ra-ide/extension-ui was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-190591 Malicious code in @ra-ide/extension-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a7aa2bba6ddffad751c19fd8291861f53b9994814f0cecb8925b7c2d5c87ae5 The package @ra-ide/extension-ui was found to contain malicious code. Source: ossf-package-analysis...
Security Bulletin: Due to use of the sha.js library, IBM watsonx Code Assistant IDE Extensions is affected by Improper Input Validation vulnerability
Summary: Sha.js is used internally by IBM watsonx Code Assistant IDE Extensions (CVE-2025-9288). Vulnerability Details: CVEID: CVE-2025-9288. DESCRIPTION: Improper Input Validation vulnerability in sha.js allows Input Data Manipulation. This issue affects sha.js: through 2.4.11. CWE: CWE-20: Improper Inpu...
CVE-2025-59532
Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This log...
CVE-2025-59532 Codex has sandbox bypass due to bug in path configuration logic
Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This log...
CVE-2025-59532
CVE-2025-59532 affects OpenAI Codex CLI (v0.2.0–0.38.0). A sandbox configuration bug caused the model-generated cwd to be treated as the sandbox’s writable root, enabling arbitrary file writes and command execution outside the user’s session workspace. The issue did not impact the network-disable...
Codex has sandbox bypass due to bug in path configuration logic
Due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This logic bypassed the intended workspace boundary and enables arbitrary file writes and comman...
GHSA-W5FX-FH39-J5RW Codex has sandbox bypass due to bug in path configuration logic
Due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This logic bypassed the intended workspace boundary and enables arbitrary file writes and comman...
Malicious code in arduino-ide-extension (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dcf7ca9bf0f189fb107121b5376feaf1535112a7c3e0c2d426fb74d95e3bf8f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Launching ‘Secret Detection’ to keep your Cloud ‘Secrets’ safe
Most digital applications we work on require some type of credentials: to connect to a database with a username/password, to access computer programs via authorized tokens, or API keys to invoke services for authentication. Credentials, a.k.a. ‘Secrets’, are pieces of user or system level...