VulnHub

Real-time Cybersecurity News

Illicit VS Code projects tapped to deploy StoatWaffle malware

SCM feed for Latest
Actively Exploited
Malware

Overview

A North Korean cyber operation known as WaterPlum has been using malicious Visual Studio Code (VS Code) projects to spread a new strain of malware called StoatWaffle since December. This operation is part of a broader campaign referred to as Contagious Interview. Researchers from The Hacker News reported that these infected projects are designed to trick users into downloading the malware, potentially compromising their systems. This tactic highlights the growing trend of using legitimate software tools to deliver malicious payloads, which can lead to significant security risks for developers and organizations relying on popular coding platforms. Users of VS Code should be cautious and ensure they are downloading extensions and projects from reputable sources to avoid falling victim to such attacks.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Visual Studio Code projects, StoatWaffle malware
  • Action Required: Users should only download extensions and projects from trusted sources and regularly update their software to mitigate risks.
  • Timeline: Ongoing since December

Original Article Summary

North Korean threat operation WaterPlum, which runs the Contagious Interview campaign, has leveraged malicious VS Code projects to deliver the new StoatWaffle malware since December, reports The Hacker News.

Impact

Visual Studio Code projects, StoatWaffle malware

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since December

Remediation

Users should only download extensions and projects from trusted sources and regularly update their software to mitigate risks.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

DoE Publishes 5-Year Energy Security Plan

SecurityWeek

The U.S. Department of Energy (DoE) has launched a five-year initiative called Project Armor aimed at reinforcing the country’s critical energy infrastructure. This initiative focuses on enhancing energy systems to better withstand and recover from threats like wildfires and other environmental hazards. The plan is a proactive step to ensure that energy supplies remain stable and secure against potential disruptions. By investing in these improvements, the DoE aims to safeguard not just the energy sector but also the broader economy and public safety. The initiative reflects growing concerns about the vulnerabilities faced by energy systems in a changing climate and the need for resilient infrastructure.

Mar 24, 2026

Managing Cyber Risk as Financially Motivated Attacks Grow - Tony Anscombe - RSAC26 #2

SCM feed for Latest

In light of increasing financially motivated cyber attacks, cybersecurity expert Tony Anscombe emphasizes the need for businesses to reassess their risk management strategies. He points out that these attacks are becoming more sophisticated, targeting vulnerabilities in both technology and human behavior. Companies, especially in the finance sector, are urged to implement stronger security measures and employee training to combat these threats. Anscombe also highlights the importance of continuous monitoring and adapting to the evolving tactics of cybercriminals. This shift in approach is crucial for protecting sensitive financial data and maintaining customer trust.

Mar 24, 2026

Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw

SecurityWeek

The article discusses the evolution of agentic AI systems, which are moving from merely suggesting actions to taking independent actions within systems. This shift raises significant governance and security concerns, particularly as these AI platforms gain more access to critical systems. The case of OpenClaw serves as a cautionary tale, illustrating the potential risks of inadequate oversight. As these technologies become more autonomous, it is crucial for organizations and regulators to establish better frameworks for managing them. Without proper governance, the implications for security and accountability could be severe, affecting various sectors that rely on AI.

Mar 24, 2026

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise

The Hacker News

TeamPCP, a known threat actor, has compromised the popular Python package litellm by injecting malicious code into versions 1.82.7 and 1.82.8. This compromise was linked to earlier incidents involving the Trivy and KICS tools. The malicious versions contain a credential harvester, a toolkit for lateral movement within Kubernetes environments, and a persistent backdoor. Security companies like Endor Labs and JFrog have confirmed the issue, raising concerns for developers and organizations using this package. The presence of these backdoors could allow attackers to gain unauthorized access to sensitive information and systems, making it crucial for users to act quickly to protect their environments.

Mar 24, 2026

Experts warn of a ‘loud and aggressive’ extortion wave following Trivy hack

CyberScoop

Attackers have hacked Trivy, an open-source security tool, and released malicious versions of the software. This incident raises concerns as Mandiant warns that it could affect up to 10,000 downstream users who rely on Trivy for security assessments. The presence of compromised versions may lead to a significant rise in extortion attempts against these users. The situation emphasizes the risks associated with using open-source tools, particularly when they become targets for malicious actors. Organizations that use Trivy need to be vigilant and assess their security protocols to mitigate potential fallout.

Mar 24, 2026

Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector

SecurityWeek

In December 2025, Poland experienced a significant cyberattack that targeted its energy system, leading to widespread disruptions. The attack is believed to have originated from Russia, raising concerns about geopolitical tensions and the security of critical infrastructure. This incident is part of a broader surge in cyberattacks affecting Poland, indicating a troubling trend in cybersecurity threats faced by the nation. As a result, the energy sector, crucial for both public services and economic stability, is now at heightened risk. The implications of these attacks extend beyond immediate operational disruptions, as they could impact national security and public confidence in essential services.

Mar 24, 2026