Critical vulnerabilities in popular VSCode extensions enable RCE and file theft
Summary
Multiple high-to-critical severity vulnerabilities in popular VSCode extensions, collectively downloaded over 125 million times, expose developers to remote code execution (RCE) and file theft. The affected extensions include Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview. Researchers at Ox Security discovered these flaws in June 2025 but received no response from maintainers. Exploitation could lead to lateral movement, data exfiltration, and system takeover in corporate environments. Microsoft silently fixed the Live Preview vulnerability in version 0.4.16 released in September 2025.
Timeline
- 17.02.2026 23:27 (2 articles)
Critical vulnerabilities in popular VSCode extensions disclosed
Researchers at Ox Security discovered high-to-critical severity vulnerabilities in popular VSCode extensions, including Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview. These vulnerabilities enable remote code execution and file theft, with potential impacts including lateral movement and data exfiltration in corporate environments. Microsoft silently fixed the Live Preview vulnerability in version 0.4.16 released in September 2025.
Sources:
- Flaws in popular VSCode extensions expose developers to attacks — www.bleepingcomputer.com — 17.02.2026 23:27
- Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs — thehackernews.com — 18.02.2026 15:16
Information Snippets
- Live Server (CVE-2025-65715) has a critical vulnerability allowing file theft by directing users to malicious webpages.
  First reported: 17.02.2026 23:27 (2 sources, 2 articles). Sources:
  - Flaws in popular VSCode extensions expose developers to attacks — www.bleepingcomputer.com — 17.02.2026 23:27
  - Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs — thehackernews.com — 18.02.2026 15:16
- Code Runner (CVE-2025-65716) has a vulnerability enabling remote code execution by modifying the settings.json file.
  First reported: 17.02.2026 23:27 (2 sources, 2 articles). Sources:
  - Flaws in popular VSCode extensions expose developers to attacks — www.bleepingcomputer.com — 17.02.2026 23:27
  - Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs — thehackernews.com — 18.02.2026 15:16
- Markdown Preview Enhanced (CVE-2025-65717) has a high-severity vulnerability allowing JavaScript execution via maliciously crafted Markdown files.
  First reported: 17.02.2026 23:27 (2 sources, 2 articles). Sources:
  - Flaws in popular VSCode extensions expose developers to attacks — www.bleepingcomputer.com — 17.02.2026 23:27
  - Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs — thehackernews.com — 18.02.2026 15:16
- Microsoft Live Preview has a vulnerability with no CVE assigned that enables one-click XSS attacks to access sensitive files.
  First reported: 17.02.2026 23:27 (2 sources, 2 articles). Sources:
  - Flaws in popular VSCode extensions expose developers to attacks — www.bleepingcomputer.com — 17.02.2026 23:27
  - Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs — thehackernews.com — 18.02.2026 15:16
- The vulnerabilities also affect the AI-powered IDEs Cursor and Windsurf.
  First reported: 17.02.2026 23:27 (1 source, 1 article). Sources:
  - Flaws in popular VSCode extensions expose developers to attacks — www.bleepingcomputer.com — 17.02.2026 23:27
- CVE-2025-65717 in Live Server allows attackers to exfiltrate local files by tricking developers into visiting a malicious website.
  First reported: 18.02.2026 15:16 (1 source, 1 article). Sources:
  - Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs — thehackernews.com — 18.02.2026 15:16
- CVE-2025-65716 in Markdown Preview Enhanced allows attackers to execute arbitrary JavaScript code by uploading a crafted markdown file.
  First reported: 18.02.2026 15:16 (1 source, 1 article). Sources:
  - Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs — thehackernews.com — 18.02.2026 15:16
- CVE-2025-65715 in Code Runner allows attackers to execute arbitrary code by convincing users to alter the settings.json file.
  First reported: 18.02.2026 15:16 (1 source, 1 article). Sources:
  - Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs — thehackernews.com — 18.02.2026 15:16
- The Microsoft Live Preview vulnerability allows attackers to access sensitive files by tricking victims into visiting a malicious website.
  First reported: 18.02.2026 15:16 (1 source, 1 article). Sources:
  - Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs — thehackernews.com — 18.02.2026 15:16
- Microsoft silently fixed the Live Preview vulnerability in version 0.4.16, released in September 2025.
  First reported: 18.02.2026 15:16 (1 source, 1 article). Sources:
  - Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs — thehackernews.com — 18.02.2026 15:16
Similar Happenings
Critical Unauthenticated RCE Flaw in SmarterMail Patched
SmarterTools has addressed a critical unauthenticated remote code execution (RCE) flaw in SmarterMail email software, tracked as CVE-2026-24423 with a CVSS score of 9.3. The vulnerability allows attackers to execute arbitrary OS commands by pointing SmarterMail to a malicious HTTP server. The flaw was discovered by researchers from watchTowr, CODE WHITE GmbH, and VulnCheck and was patched in version Build 9511, released on January 15, 2026. CISA has added CVE-2026-24423 to its KEV catalog, marking it as actively exploited in ransomware campaigns, and has given federal agencies until February 26, 2026, to patch or stop using affected versions. Additionally, another critical flaw (CVE-2026-23760) and a medium-severity vulnerability (CVE-2026-25067) were also addressed in subsequent updates.
Critical Vulnerabilities in Fluent Bit Logging Agent
Critical vulnerabilities in Fluent Bit, a widely used telemetry agent, have been disclosed. These flaws affect log, metric, and trace handling across banking, cloud, and SaaS platforms. The issues include improper input validation, path traversal bugs, and authentication bypasses, allowing attackers to manipulate logs, overwrite files, and execute code. Patches are available in versions v4.1.1 and v4.0.12, but older versions remain at risk. The vulnerabilities could distort observability pipelines, impacting financial services, security products, and SaaS environments. Immediate patching and configuration hardening are recommended. AWS has urged customers to update to the latest version of Fluent Bit for optimal protection. The flaws could enable attackers to disrupt cloud services, manipulate data, and burrow deeper into cloud and Kubernetes infrastructure.
Critical WSUS RCE Vulnerability Exploited in the Wild
A critical remote code execution (RCE) vulnerability (CVE-2025-59287) in Windows Server Update Services (WSUS) is being actively exploited in the wild. The flaw allows attackers to run malicious code with SYSTEM privileges on Windows servers with the WSUS Server role enabled. Microsoft has released out-of-band patches for all affected Windows Server versions. Cybersecurity firms have observed exploitation attempts and the presence of publicly available proof-of-concept exploit code. The vulnerability is considered potentially wormable between WSUS servers and poses a significant risk to organizations. The flaw is a deserialization of untrusted data issue in WSUS. The vulnerability was discovered and reported by security researchers MEOW, f7d8c52bec79e42795cf15888b85cbad, and Markus Wulftange with CODE WHITE GmbH.

CISA and NSA, along with international partners, have issued guidance to secure Microsoft Exchange Server instances, including recommendations to restrict administrative access, implement multi-factor authentication, and enforce strict transport security configurations. The agencies advise decommissioning end-of-life on-premises or hybrid Exchange servers after transitioning to Microsoft 365.

Sophos reported threat actors exploiting the vulnerability to harvest sensitive data from U.S. organizations across various industries, with at least 50 victims identified. The exploitation activity was first detected on October 24, 2025, a day after Microsoft issued the update. Attackers use Base64-encoded PowerShell commands to exfiltrate data to a webhook[.]site endpoint. Michael Haag of Splunk noted an alternate attack chain involving the Microsoft Management Console binary (mmc.exe) to trigger cmd.exe execution.

Recently, threat actors have been exploiting CVE-2025-59287 to distribute ShadowPad malware, a modular backdoor used by Chinese state-sponsored hacking groups. Attackers used PowerCat, certutil, and curl to obtain a system shell and download ShadowPad. The malware is launched via DLL side-loading and comes with anti-detection and persistence techniques.
TigerJack Campaign Targets Developers with Malicious VSCode Extensions
The TigerJack campaign continues to target developers with malicious Visual Studio Code (VSCode) extensions, which have now been found to leak access tokens, posing a critical software supply chain risk. The campaign has distributed at least 11 malicious VSCode extensions since the beginning of the year, with two extensions, C++ Playground and HTTP Format, removed from VSCode but remaining on OpenVSX. These extensions steal cryptocurrency, plant backdoors, and exfiltrate source code. The threat actor republishes the same malicious code under new names, making detection and removal challenging. Developers are advised to be cautious when downloading extensions from these platforms.

Over 100 VSCode extensions were found to leak access tokens, allowing attackers to distribute malicious updates. The leaked tokens include AI provider secrets, cloud service provider secrets, and database secrets. Microsoft has revoked the leaked PATs and is adding secret scanning capabilities to enhance security. Organizations are recommended to develop an extension inventory and consider a centralized allowlist for extensions.

A new malicious extension named susvsex with basic ransomware capabilities was published on Microsoft's official VS Code marketplace. The extension was published by 'suspublisher18' and its malicious functionality was openly advertised in its description. The extension's malicious functionality includes file theft to a remote server and encryption of all files with AES-256-CBC. The extension activates on any event, including on installation or when launching VS Code, initializing the 'extension.js' file that contains its hardcoded variables (IP, encryption keys, command-and-control address). The extension calls a function named zipUploadAndEncrypt, which checks for the presence of a marker text file and starts the encryption routine. The extension creates a .ZIP archive of the files in the defined target directory and exfiltrates them to the hardcoded C2 address. All the files are then replaced with their encrypted versions. The extension polls a private GitHub repository for commands, periodically checking an 'index.html' file using a PAT for authentication, and tries to execute any commands there. The owner of the repository is likely based in Azerbaijan. The extension is an overt threat and may be the result of an experiment to test Microsoft's vetting process. Secure Annex labels susvsex 'AI slop', with its malicious actions exposed in the README file, but notes that a few tweaks would make it far more dangerous. Microsoft ignored the report about the extension and did not remove it from the VS Code registry initially, but it was no longer available by the time the article was published.

Two new malicious extensions, Bitcoin Black and Codo AI, were found on Microsoft's Visual Studio Code Marketplace. Bitcoin Black masquerades as a color theme and Codo AI as an AI assistant, both published under the developer name 'BigBlack'. Bitcoin Black features a '*' activation event that executes on every VSCode action and can run PowerShell code. Bitcoin Black uses a batch script to download a DLL file and an executable, with the activity occurring with the window hidden. Codo AI includes code assistance functionality via ChatGPT or DeepSeek but also has a malicious section. Both extensions deliver a legitimate executable of the Lightshot screenshot tool and a malicious DLL file that deploys the infostealer under the name runtime.exe. The malware creates a directory in '%APPDATA%\Local\' and stores stolen data including screenshots, WiFi credentials, system information, and cryptocurrency wallets. The malware steals cookies and hijacks user sessions by launching Chrome and Edge browsers in headless mode. The malware steals cryptocurrency wallets like Phantom, Metamask, and Exodus, and looks for passwords and credentials. The malicious DLL is flagged as a threat by 29 out of the 72 antivirus engines on VirusTotal. Microsoft has removed the extensions BigBlack.bitcoin-black, BigBlack.codo-ai, and BigBlack.mrbigblacktheme from the Marketplace. The extensions activate on every VS Code action and embed malicious functionality within a working tool to bypass detection. Earlier versions of the extensions executed a PowerShell script to download a password-protected ZIP archive from an external server. Subsequent versions of the extensions used a batch script to download the executable and DLL, hiding the PowerShell window. The legitimate Lightshot binary is used to load the rogue DLL via DLL hijacking. The rogue DLL gathers clipboard contents, installed apps, running processes, desktop screenshots, Wi-Fi credentials, and detailed system information. The malware launches Google Chrome and Microsoft Edge in headless mode to grab stored cookies and hijack user sessions.

A campaign involving 19 Visual Studio (VS) Code extensions that embed malware inside their dependency folders has been uncovered by cybersecurity researchers. Active since February 2025 but identified on December 2, the operation used a legitimate npm package to disguise harmful files and bundled malicious binaries inside an archive masquerading as a PNG image. This approach, observed by ReversingLabs (RL), enabled attackers to bypass conventional checks and target developers directly. Some extensions imitate popular tools, while others advertise new features but secretly execute unwanted code. In this new campaign, attackers embedded a modified version of the npm package path-is-absolute inside the extensions’ node_modules folders. The original package is widely used, with more than 9 billion downloads since 2021, but the altered version included a class designed to trigger malware when VS Code starts. The attackers also included a file named banner.png, which appeared harmless but opened as an archive containing two binaries. The dropper launched these files via cmstp.exe, a common living-off-the-land binary (LOLBIN). One executable closed the process by simulating a keypress, while the other was a Rust-based Trojan still being analyzed at the time of this report. Although the techniques differed, the goal remained the same: covertly execute malware through trusted components. Detecting malicious VS Code extensions has become increasingly urgent, ReversingLabs warned. The firm said detections grew from 27 in 2024 to 105 in the first 10 months of 2025. To reduce risk, teams are encouraged to inspect extensions before installation, audit all bundled dependencies, and use security tools capable of evaluating package behavior. All the mentioned extensions have been reported to Microsoft.

A new malware campaign targeting developers with the Evelyn Stealer malware has been identified. This malware abuses VS Code extensions to exfiltrate sensitive information, including developer credentials and cryptocurrency-related data. The malware harvests clipboard content, installed apps, cryptocurrency wallets, running processes, desktop screenshots, stored Wi-Fi credentials, system information, and credentials and stored cookies from Google Chrome and Microsoft Edge. The malware implements safeguards to detect analysis and virtual environments and terminates active browser processes to ensure seamless data collection. The malware uses specific command-line flags to launch browsers in a stealthy manner, preventing detection and forensic traces. The DLL downloader creates a mutual exclusion (mutex) object to ensure only one instance of the malware can run at any given time. The Evelyn Stealer campaign targets organizations with software development teams that rely on VS Code and third-party extensions. The malware exfiltrates collected data to a remote server (server09.mentality[.]cloud) over FTP in the form of a ZIP file.

Two malicious extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace, collectively installed 1.5 million times, exfiltrate developer data to China-based servers. The extensions are advertised as AI-based coding assistants and provide the promised functionality but do not disclose the upload activity or ask users for consent to deliver data to a remote server. The extensions use three distinct data-collection mechanisms: real-time monitoring of files opened in the VS Code client, server-controlled file-harvesting commands, and zero-pixel iframes in the extension’s webview to load four commercial analytics SDKs. The extensions exfiltrate entire file contents and changes to the attackers’ servers, harvest up to 50 files from the victim’s workspace each time, and use SDKs to track user behavior, build identity profiles, fingerprint devices, and monitor activity inside the editor. The extensions pose risks including the exposure of private source code, configuration files, cloud service credentials, and .env files containing API keys and credentials. The extensions are part of a campaign dubbed 'MaliciousCorgi', share the same code for stealing developer data, use the same spyware infrastructure, and communicate with the same backend servers. The extensions were still present on the marketplace at the time of publishing: ChatGPT – 中文版 (publisher: WhenSunset, 1.34 million installs) and ChatMoss (CodeMoss) (publisher: zhukunpeng, 150k installs).
WeepSteel Malware Deployed via Sitecore Zero-Day Exploit
Threat actors have exploited a zero-day vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) to deliver WeepSteel malware. The flaw, tracked as CVE-2025-53690, affects versions prior to 9.0 and was exploited using a sample machine key from outdated deployment guides. The attack involved ViewState deserialization, internal reconnaissance, and the deployment of various open-source tools for persistence and lateral movement. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch the vulnerability by September 25, 2025. The vulnerability has a CVSS score of 9.0, indicating critical severity.

The China-linked threat group Ink Dragon has been observed turning misconfigured servers in European government networks into relay nodes to hide its cyber-espionage activity. Ink Dragon probes public-facing websites for weaknesses, including configuration issues in Microsoft's IIS web server and SharePoint. Once a foothold is established, the group moves quietly through the environment, collecting credentials and using Remote Desktop for lateral movement. Ink Dragon maps the environment in detail, controls policy settings, and deploys long-term access tools across high-value systems. The group uses compromised organizations to support operations elsewhere, deploying a customized IIS-based module to turn public-facing servers into relay points. Ink Dragon has updated its tooling, including a new version of the FinalDraft backdoor built for long-term access and to blend into Microsoft cloud activity. A second China-linked group, RudePanda, has entered some of the same European government networks and exploited the same exposed server vulnerability.

A threat actor likely aligned with China, tracked as UAT-8837, has been targeting critical infrastructure sectors in North America since at least last year. UAT-8837 is primarily tasked with obtaining initial access to high-value organizations. The group deploys open-source tools to harvest sensitive information such as credentials, security configurations, and domain and Active Directory (AD) information. UAT-8837 exploits a critical zero-day vulnerability in Sitecore (CVE-2025-53690, CVSS score: 9.0) to obtain initial access. The group disables RestrictedAdmin for Remote Desktop Protocol (RDP) to ensure credentials and other user resources aren't exposed to compromised remote hosts. UAT-8837 downloads several artifacts including GoTokenTheft, EarthWorm, DWAgent, SharpHound, Impacket, GoExec, Rubeus, and Certipy to enable post-exploitation. The group exfiltrated DLL-based shared libraries related to the victim's products, raising the possibility of future trojanization and supply chain compromises.