The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...

New ClickFix attacks abuse Windows App-V scripts to push malware

A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V ...
SecurityWeek

North Korean Hackers Target macOS Developers via Malicious VS Code Projects

North Korean hackers target macOS developers with malware hidden in Visual Studio Code task configuration files.
Infosecurity Magazine

Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core

A critical sandbox escape vulnerability in Grist-Core has been disclosed that allows remote code execution (RCE) through a ...
CSO Online

Contagious Interview turns VS Code into an attack vector

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist ...