VulnHub

Real-time Cybersecurity News

Malicious IDE extension targets developers, uses Solana blockchain for C2

SCM feed for Latest
Actively Exploited
Malware

Overview

Researchers have discovered a malicious extension posing as a legitimate tool for the R programming language, named 'reditorsupporter.r-vscode-2.8.8-universal'. This extension mimics a popular add-on for Visual Studio Code and serves as a conduit for attackers to control infected systems via the Solana blockchain. Developers who unknowingly install this fake extension could have their systems compromised, leading to potential data theft or unauthorized access. The incident raises concerns about the security of development tools and the need for vigilance among developers when installing third-party extensions. Users should be cautious and verify the authenticity of any extensions they choose to install.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Visual Studio Code, R programming language extensions
  • Action Required: Users should avoid installing unverified extensions and verify the source of any tools before downloading.
  • Timeline: Newly disclosed

Original Article Summary

The attack utilizes a fake extension disguised as a legitimate tool for the R programming language, named "reditorsupporter.r-vscode-2.8.8-universal" to mimic a popular extension.

Impact

Visual Studio Code, R programming language extensions

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should avoid installing unverified extensions and verify the source of any tools before downloading.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

Critical Langflow RCE vulnerability exploited within 20 hours

SCM feed for Latest

A newly discovered vulnerability, identified as CVE-2026-33017, poses a serious risk by allowing unauthenticated attackers to run arbitrary Python code on vulnerable servers. This flaw was reportedly exploited within 20 hours of its disclosure, raising concerns among cybersecurity experts. Organizations that use systems affected by this vulnerability need to act swiftly to secure their environments. The ability for attackers to execute arbitrary code can lead to severe data breaches and system compromises, making it crucial for affected users to understand their risk and take appropriate measures. As of now, details on specific systems or versions impacted have not been disclosed, leaving many organizations potentially vulnerable.

Mar 20, 2026

Google reverses Android developer verification requirement amidst user backlash

SCM feed for Latest

Google has decided to reverse its plan to require Android developers to link their apps to verified developer accounts, a move that had sparked significant backlash from users. The original requirement, which was set to take effect in September 2026, involved a $25 fee and the submission of personal identification for verification. Many users expressed concerns over privacy and accessibility, arguing that the new rule could limit the diversity of apps available on the platform. By stepping back from this policy, Google aims to maintain a more open app ecosystem while addressing user concerns about potential barriers to entry for developers. This decision reflects the ongoing tension between security measures and user freedom in the app development landscape.

Mar 20, 2026

Ubiquiti patches critical vulnerabilities in UniFi Network Application

SCM feed for Latest

Ubiquiti has released patches to address a critical vulnerability in its UniFi Network application, specifically affecting versions 10.1.85 and earlier. The vulnerability, tracked as CVE-2026-22557, poses significant risks to users who have not yet updated their software. This flaw could potentially allow attackers to exploit the system, compromising network security. Users of the affected versions are strongly advised to update to the latest version to safeguard their networks. The urgency of this patch highlights the ongoing need for regular software updates to protect against evolving threats.

Mar 20, 2026

French aircraft carrier location exposed by sailor's Strava activity

SCM feed for Latest

A French naval officer, known only as Arthur, inadvertently revealed the location of the Charles de Gaulle aircraft carrier by using a smartwatch to track his running activity on the ship's deck. The data, which was uploaded to the fitness app Strava, included precise geolocation details. This incident raises concerns about operational security, especially as the carrier was in a sensitive area. The exposure of such information could potentially aid adversaries in tracking naval movements or planning attacks. The incident serves as a reminder for military personnel to be cautious about sharing location data online, even in seemingly harmless contexts.

Mar 20, 2026

FBI, CISA issue PSA on Russian intelligence campaign to target messaging apps

CyberScoop

The FBI and CISA have issued a public service announcement regarding a Russian intelligence campaign aimed at users of messaging apps, particularly Signal. This warning aligns with previous alerts from authorities in the Netherlands and Germany, highlighting a growing concern about the targeting of secure communication platforms. The campaign suggests that attackers are attempting to compromise the privacy and security of individuals who rely on these apps for confidential conversations. This situation is particularly alarming as it raises questions about the safety of messaging services that users often consider secure. People using these apps should remain vigilant and consider enhancing their security measures to protect their communications.

Mar 20, 2026

Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw

darkreading

Oracle has announced a critical vulnerability in its Fusion Middleware that allows attackers to execute arbitrary code without needing authentication. This flaw affects Oracle's Identity and Web Services Managers, particularly if they are exposed to the internet. The lack of authentication means that anyone can potentially exploit this vulnerability, making it especially dangerous for organizations that have these services publicly accessible. Companies using these products should take immediate action to secure their systems to prevent unauthorized access and potential data breaches. It's crucial for users to apply the necessary patches as soon as possible to mitigate the risks associated with this flaw.

Mar 20, 2026