Tag

Vscode

4 briefs RSS

GitHub Internal Repositories Breached via Malicious VS Code Extension

A GitHub employee's device was compromised via a malicious VS Code extension, leading to the theft of approximately 3,800 internal repositories by threat actor TeamPCP (UNC6780), who then offered the data for sale.

Visual Studio Code TeamPCP supply-chain github credential-theft vscode

2r 7t May 21, 2026

high advisory

CVE-2026-41613 - Visual Studio Code Session Fixation Vulnerability

2 rules 1 TTP 1 CVE

CVE-2026-41613 is a session fixation vulnerability in Visual Studio Code that allows an unauthorized attacker to elevate privileges over a network.

Visual Studio Code session-fixation privilege-escalation vscode

2r 1t 1c May 12, 2026

medium advisory

Detection of VScode Remote Tunneling for Command and Control

2 rules 1 TTP

The rule detects the execution of the VScode portable binary with the tunnel command line option, potentially indicating an attempt to establish a remote tunnel session to Github or a remote VScode instance for unauthorized access and command and control.

Microsoft Defender XDR +3 command-and-control vscode remote-access-tools windows

2r 1t May 4, 2026

medium advisory

Suspicious Execution from VS Code Extension

2 rules 9 TTPs

Malicious VS Code extensions can execute arbitrary commands, leading to initial access and subsequent payload deployment on Windows systems.

VS Code initial-access execution supply-chain-compromise vscode

2r 9t Jan 3, 2024