VSCode extensions local file theft and RCE vulnerabilities (multiple vulnerabilities)
Vulnerability
Summary
High-to-critical vulnerabilities in popular VSCode extensions can expose developers to local file theft and remote code execution across software downloaded more than 128 million times. The flaws affect Live Server (CVE-2025-65715), Code Runner (CVE-2025-65716), Markdown Preview Enhanced (CVE-2025-65717), and Microsoft Live Preview. Exploitation can be triggered through a malicious webpage, a malicious settings.json snippet, or a malicious Markdown file.
Related Happenings
Cursor IDE MCP deeplink code execution security flaw
Vulnerability
First: 17.03.2026 17:00
Last: 17.03.2026 17:00
Sources 1
About this happening:
A **Cursor IDE** flaw in **MCP deeplinks** can let crafted installation links trigger **arbitrary commands** or install **malicious components** under some user-approval and confi...
LayerX font-rendering PoC exposes a browser-rendering gap in AI assistant analysis
Technical Analysis
First: 17.03.2026 15:59
Last: 17.03.2026 15:59
Sources 1
About this happening:
A **LayerX** proof-of-concept showed that a **font-rendering attack** can hide malicious webpage commands from AI assistants, creating a risk of **unsafe guidance** when the brows...
GitHub Codespaces malicious repository or pull request RCE remote code execution flaw
Vulnerability
First: 05.02.2026 16:30
Last: 05.02.2026 16:30
Sources 1
About this happening:
**GitHub Codespaces** vulnerability **RoguePilot** can let an attacker abuse **GitHub Copilot** by planting hidden instructions in a **GitHub issue**, then opening a Codespace fro...
Open VSX Registry adds pre-publish security checks for VS Code extensions
Security Tool/Service
First: 04.02.2026 08:26
Last: 04.02.2026 08:26
Sources 1
About this happening:
**Open VSX Registry** will add **pre-publish security checks** for **VS Code extensions**, reducing the chance that malicious packages reach the ecosystem. The rollout uses **Febr...
Latest development: 27.03.2026 15:57
Koi Security disclosed a now-patched flaw in Open VSX's pre-publish scanning pipeline that could let a malicious Microsoft Visual Studio Code (VS Code) extension pass vetting and go live when scanner job failures were misread as "no scanners are configured"; Open VSX fixed the issue in version 0.32.0 after responsible disclosure on February 8, 2026.
GlassWorm malware abuses compromised OpenVSX extensions to steal credentials from macOS systems
Malware Activity
First: 03.02.2026 00:04
Last: 03.02.2026 00:04
Sources 1
About this happening:
**GlassWorm** is a malware campaign that now also fuels **ForceMemo**, a **supply-chain attack** that steals **GitHub tokens** and force-pushes malicious code into **Python reposi...
Timeline
17.02.2026 23:27 2 articles · 3mo ago
Ox Security discloses high-to-critical VSCode extension flaws
Initial Disclosure
Ox Security disclosed high-to-critical vulnerabilities in popular Visual Studio Code extensions collectively downloaded more than 128 million times, including Live Server (CVE-2025-65715), Code Runner (CVE-2025-65716), Markdown Preview Enhanced (CVE-2025-65717), and Microsoft Live Preview before 0.4.16. The flaws can enable local file theft, remote code execution, JavaScript execution, and one-click XSS, and the same issues also apply to Cursor and Windsurf; Ox Security said it had tried to notify maintainers since June 2025 and warned that exploitation could support lateral movement, data exfiltration, API key theft, and configuration-file access.
Sources:
- Flaws in popular VSCode extensions expose developers to attacks — www.bleepingcomputer.com — 17.02.2026 23:27
- Flaws in Popular Software Development App Extensions Allow Data Exfiltration — www.infosecurity-magazine.com — 19.02.2026 12:45