GitHub Internal Repositories Breached via Malicious VS Code Extension
2 rules | 7 TTPs
A GitHub employee's device was compromised via a malicious VS Code extension, leading to the theft of approximately 3,800 internal repositories by the threat actor TeamPCP (UNC6780), who then offered the data for sale.
Multiple Vulnerabilities in Microsoft Developer Tools
3 rules | 6 TTPs
Multiple vulnerabilities in Microsoft developer tools and platforms could allow an attacker to achieve arbitrary code execution, data manipulation, privilege escalation, security-feature bypass, information disclosure, and denial of service.
CVE-2026-41613 - Visual Studio Code Session Fixation Vulnerability
2 rules | 1 TTP | 1 CVE
CVE-2026-41613 is a session fixation vulnerability in Visual Studio Code that allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-41611: Visual Studio Code XSS Vulnerability
2 rules | 4 TTPs | 1 CVE
CVE-2026-41611 is a cross-site scripting (XSS) vulnerability in Visual Studio Code that allows an attacker to execute code locally, caused by improper neutralization of script-related HTML tags.
Detection of VS Code Remote Tunneling for Command and Control
2 rules | 1 TTP
The rule detects execution of the portable VS Code binary with the tunnel command-line option, which may indicate an attempt to establish a remote tunnel session to GitHub or to a remote VS Code instance for unauthorized access and command and control. Because developers also use this feature legitimately, matches should be reviewed against the executing user, the parent process, and whether the binary runs from an expected install path rather than a user-writable location.
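To show what the detection logic above amounts to when run over process-creation telemetry, here is an added example written for this page; it is not one of the catalog's rules and not code from any vendor. It scans constructed Sysmon-style process-creation events (the event dicts, paths, user and host names are all made up for illustration), flags the VS Code CLI binary (`code`, `code.exe`, `code-tunnel.exe`) when `tunnel` appears as a standalone argument, and pulls out the `--name` value and whether the license prompt was suppressed with `--accept-server-license-terms`, both of which are real VS Code CLI options. It deliberately does not match the word "tunnel" inside a file path, so an editor opened on `C:\proj\tunnel\notes.md` is not a hit.

```python
import re

# Constructed process-creation events in a Sysmon Event ID 1 style. These are
# illustrative samples, not real telemetry.
SAMPLE_EVENTS = [
    {   # portable CLI dropped in Downloads, starting an unattended tunnel
        "Image": r"C:\Users\alice\Downloads\vscode_cli\code.exe",
        "CommandLine": "code.exe tunnel --accept-server-license-terms --name build-01",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "User": r"CORP\alice",
    },
    {   # normal editor launch from the installed location; must not match
        "Image": r"C:\Program Files\Microsoft VS Code\Code.exe",
        "CommandLine": r'"C:\Program Files\Microsoft VS Code\Code.exe" C:\proj\tunnel\notes.md',
        "ParentImage": r"C:\Windows\explorer.exe",
        "User": r"CORP\bob",
    },
    {   # Linux CLI installing the tunnel as a persistent service
        "Image": "/home/bob/.vscode-cli/code",
        "CommandLine": "./code tunnel service install",
        "ParentImage": "/bin/bash",
        "User": "bob",
    },
    {   # unrelated binary with a 'tunnel' argument; image check must reject it
        "Image": r"C:\Windows\System32\OpenSSH\ssh.exe",
        "CommandLine": "ssh.exe -R 8080:localhost:80 tunnel",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "User": r"CORP\carol",
    },
]

# Binary names the VS Code CLI is shipped or renamed as (assumption: a rule in
# production would extend this from its own telemetry baseline).
VSCODE_BINARIES = {
    "code", "code.exe", "code-tunnel", "code-tunnel.exe",
    "code-insiders", "code-insiders.exe",
}

# 'tunnel' must be a whole argument, bounded by whitespace or line edges, so
# 'C:\proj\tunnel\notes.md' does not trigger.
TUNNEL_ARG = re.compile(r"(?:^|\s)tunnel(?:\s|$)", re.IGNORECASE)
# Extract the tunnel name from '--name X', '--name=X' or '--name "X"'.
NAME_ARG = re.compile(r'--name[=\s]+("?)([^"\s]+)\1', re.IGNORECASE)
UNATTENDED_FLAG = "--accept-server-license-terms"


def basename(path):
    """Last path component, lower-cased, accepting either separator."""
    return re.split(r"[\\/]", path)[-1].lower()


def detect_vscode_tunnel(events):
    """Return one finding per event that launches the VS Code CLI in tunnel mode."""
    findings = []
    for ev in events:
        if basename(ev.get("Image", "")) not in VSCODE_BINARIES:
            continue
        cmd = ev.get("CommandLine", "")
        if not TUNNEL_ARG.search(cmd):
            continue
        name = NAME_ARG.search(cmd)
        findings.append({
            "image": ev["Image"],
            "user": ev.get("User"),
            "parent": ev.get("ParentImage"),
            "tunnel_name": name.group(2) if name else None,
            "unattended": UNATTENDED_FLAG in cmd,
            # tunnel service install registers a persistent service
            "persistent": "service install" in cmd,
        })
    return findings


if __name__ == "__main__":
    for hit in detect_vscode_tunnel(SAMPLE_EVENTS):
        print(hit)
```

In triage, the `unattended` and `persistent` fields are the ones worth weighting: a tunnel started with the license prompt suppressed from a binary under a user-writable path, or installed as a service, looks more like the C2 pattern the rule targets than a developer typing `code tunnel` interactively from an installed copy.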