#vs-code-extension

[ follow ]
#malware #moltbot #remote-access #ransomware #github-c2 #ai-assisted-malware #ai-coding #openai-codex #usage-limits
fromThe Hacker News
3 days ago

Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware

Moltbot has taken off in a big way, crossing more than 85,000 stars on GitHub as of writing. The open-source project, created by Austrian developer Peter Steinberger, allows users to run a personal AI assistant powered by a large language model (LLM) locally on their own devices and interact with it over already established communication platforms like WhatsApp, Telegram, Slack, Discord, Google Chat, Signal, iMessage, Microsoft Teams, and WebChat.
Information security
Information security
fromThe Hacker News
2 months ago

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

A malicious VS Code extension named susvsex uses AI-assisted code to zip, exfiltrate, and encrypt files and leverages GitHub as a command-and-control channel.
Artificial intelligence
fromZDNET
4 months ago

I spent $20 on Codex and got 24 days of coding work done in 6 hours - but there's a big catch

Using Codex in VS Code for $20/month dramatically increases coding productivity but enforces restrictive usage limits that push users toward expensive premium plans.
Information security
fromTheregister
5 months ago

AWS patches Q Developer after prompt injection, RCE demo

Amazon fixed prompt-injection and RCE-capable vulnerabilities in the Amazon Q Developer VS Code extension by updating the language server and adding human-in-the-loop approval.
[ Load more ]