Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

Microsoft apologizes for removing VSCode extensions used by millions

Microsoft has reinstated the 'Material Theme – Free' and 'Material Theme Icons – Free' extensions on the Visual Studio Marketplace after finding that the obfuscated code they contained wasn't actually malicious. According to Astorino, the Material Theme extensions on the VSCode marketplace have been completely rewritten and are safe to use. The researchers told BleepingComputer that their high-risk evaluation for Material Theme arose from what was detected as the presence of code execution capabilities in the theme's "release-notes.js" file, which was also heavily obfuscated. Astorino immediately objected to the allegations and the removal of his extensions from the VSCode Marketplace, alleging that the problem comes from an outdated sanity.io dependency used since 2016 to show release notes from sanity headless CMS. The two VSCode extensions, which count over 9 million installs, were pulled from the VSCode Marketplace in late February over security risks, and their publisher, Mattia Astorino (aka 'equinusocio') was banned from the platform. "Regarding Material Theme, the obfuscation process unintentionally included the sanity.io SDK client, which contained some strings referencing passwords or usernames (the auth client). "The publisher account for Material Theme and Material Theme Icons (Equinusocio) was mistakenly flagged and has now been restored," reads Hanselman's post. Additionally, Hanselman stated that the Visual Studio Code Marketplace will update its policy on obfuscated code and update its scanners accordingly to avoid quickly acting upon projects in the future.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 13 Mar 2025 20:55:14 +0000

Cyber News related to Microsoft apologizes for removing VSCode extensions used by millions

VSCode extensions found downloading early-stage ransomware - It is notable that the extensions were uploaded onto the VSCode Marketplace on October 27, 2024 (ahban.cychelloworld) and February 17, 2025 (ahban.shiba), bypassing safety review processes and remaining on Microsoft's store for an extensive ...
5 months ago Bleepingcomputer.com

Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 364

Warning: Undefined variable $domain_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 466

CVE-2022-48895 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago

Microsoft apologizes for removing VSCode extensions used by millions - Microsoft has reinstated the 'Material Theme – Free' and 'Material Theme Icons – Free' extensions on the Visual Studio Marketplace after finding that the obfuscated code they contained wasn't actually malicious. According to Astorino, the ...
5 months ago Bleepingcomputer.com

CVE-2025-52882 - Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and JetBrains IDEs (e.g., IntelliJ, Pycharm, and Android Studio) are vulnerable to unauthorized websocket connections from an ...
2 months ago

VSCode extensions with 9 million installs pulled over security risks - Microsoft has removed two popular VSCode extensions, 'Material Theme – Free' and 'Material Theme Icons – Free,' from the Visual Studio Marketplace for allegedly containing malicious code. One of the researchers, Amit Assaraf, says ...
6 months ago Bleepingcomputer.com

Malicious VSCode extensions infect Windows with cryptominers - Nine VSCode extensions on Microsoft's Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer to mine Ethereum and Monero. If you have installed any of the nine extensions mentioned in the ...
5 months ago Bleepingcomputer.com

Cyble Discovers Cyberattack Using VSCode For Remote Access - Cyble Research and Intelligence Lab (CRIL) researchers have uncovered a sophisticated campaign that starts with a suspicious .LNK file and uses Visual Studio Code (VSCode) to establish persistence and remote access – and installs the VSCode command ...
11 months ago Thecyberexpress.com

Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com

The zero-day that could've compromised every Cursor and Windsurf user - In a recent post Yomtom explains that while examining the build process behind OpenVSX, the open-source marketplace powering extensions for tools like Cursor, Windsurf, VSCodium, and others, he discovered a critical flaw. Dubbed VSXPloit: A single ...
1 month ago Bleepingcomputer.com

Over 6 Million Chrome Extensions Can Execute Remote Commands on Users’ Browsers - A major security incident has come to light involving more than six million installations of Chrome browser extensions that secretly execute remote commands, track user activity, and potentially expose sensitive information. John Tuckner of secure ...
4 months ago Cybersecuritynews.com

Fake VPN Chrome extensions force-installed 1.5 million times - Three malicious Chrome extensions posing as VPN infected were downloaded 1.5 million times, acting as browser hijackers, cashback hack tools, and data stealers. According to ReasonLabs, which discovered the malicious extensions, they are spread via ...
1 year ago Bleepingcomputer.com

Developers Beware of Malicious VS Code Extension Apps With Million of Installations - Cybersecurity researchers have uncovered a disturbing campaign targeting software developers through malicious Visual Studio Code extensions that have collectively amassed millions of installations. These compromised extensions, masquerading as ...
5 months ago Cybersecuritynews.com

Google Takes Down Over 50,000 Instances of Malicious Chrome Extensions - Google recently took down over 50,000 Chrome browser extensions after discovering that they were involved in malicious activity. The malicious activity included advertising click fraud, downloading malware, and displaying adware. According to Google, ...
2 years ago Thehackernews.com

How to manage a migration to Microsoft Entra ID - Microsoft Entra ID, formerly Azure Active Directory, is not a direct replacement for on-premises Active Directory due to feature gaps and alternative ways to perform similar identity and access management tasks. For some organizations, a move to ...
1 year ago Techtarget.com

Malicious Chrome VPN Extensions Installed 1.5M Times Browsers - In a recent cybersecurity revelation, a highly sophisticated cyber attack campaign has emerged, weaving a web of deceit through malicious web extensions cunningly disguised as VPNs. ReasonLabs, a cybersecurity firm, has discovered online piracy ...
1 year ago Cybersecuritynews.com

New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
1 year ago Microsoft.com

Chrome extensions with 6 million installs have hidden tracking code - While Tuckner didn't catch any extensions stealing user passwords or cookies, the excessively risky capabilities, heavily obfuscated code, and hidden logic were enough for the researcher to label them as risky and, potentially, spyware. A set of 57 ...
4 months ago Bleepingcomputer.com

Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals - A new 2025 Enterprise Browser Extension Security Report, uniquely combining data from public extension marketplaces and real-world enterprise usage telemetry to spotlight this underestimated threat vector. Extensive Permissions to Sensitive ...
3 months ago Bleepingcomputer.com

IDE Extensions Like VSCode Let Attackers Bypass Trust Checks and Malware on Developer Machines - A critical security vulnerability has been discovered in popular Integrated Development Environments (IDEs) that allows malicious actors to bypass trust verification systems and execute code on developer machines while maintaining the appearance of ...
2 months ago Cybersecuritynews.com

Microsoft to Kill Poplar Editor Browser Extensions - Microsoft has announced plans to discontinue support for Poplar Editor browser extensions, a move that will affect users relying on these tools for enhanced browsing experiences. Poplar Editor extensions, known for their editing capabilities within ...
1 week ago Cybersecuritynews.com

CVE-2023-46248 - Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the ...
1 year ago

"Microsoft’s Secure Future Initiative" Biggest cybersecurity Project in Its History - Led by Charlie Bell, Executive Vice President of Microsoft Security, the initiative has mobilized the equivalent of 34,000 engineers working full-time for 11 months to bolster security for Microsoft, its customers, and the broader industry. Following ...
4 months ago Cybersecuritynews.com

Malicious Chrome extensions with 1.7M installs found on Web Store - Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. According to the researchers, most of the malicious functionality ...
2 months ago Bleepingcomputer.com

Malicious Chrome extensions with 1.7M installs found on Web Store - Almost a dozen malicious extensions with 1.7 million downloads in Google's Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. According to the researchers, the malicious functionality is ...
2 months ago Bleepingcomputer.com

8 New Malicious Firefox Extensions Steal OAuth Tokens, Passwords, and Spy on Users - Security researchers from the Socket Threat Research Team have uncovered a sophisticated network of eight malicious Firefox browser extensions that actively steal OAuth tokens, passwords, and spy on users through deceptive tactics. The investigation ...
2 months ago Cybersecuritynews.com