
Risky Bulletin: Clever worm hits the VS Code scene
Oct 21, 2025
A clever worm is wreaking havoc on VS Code users, targeting crypto wallets and developer credentials. F5 suffered a breach due to its own product vulnerabilities, leading to serious consequences. Following a significant security incident, the CEO of Korea Telecom plans to resign. In the world of scouting, the Boy Scouts are introducing new cybersecurity merit badges. Meanwhile, hackers continue to leak sensitive US government data, and malicious Chrome extensions are spamming WhatsApp Web. The cybersecurity landscape is more treacherous than ever!
Audit And Rotate After Extension Compromise
- Audit installed VS Code extensions and remove unknown or rarely maintained ones immediately.
- Rotate credentials and check for injected code in extensions and libraries if you used compromised extensions.
Extension Worm Targets Developers
- A VS Code worm spreads via extensions in official marketplaces and targets developers' tooling and credentials.
- It uses blockchain and Google Calendar for command-and-control and obfuscated Unicode to evade analysis.
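One way to start the audit recommended above is to sweep installed extensions, including their bundled libraries, for source files that carry many invisible Unicode code points. This is an added example, not code from the episode or from any vendor; it assumes "obfuscated Unicode" means invisible characters (format characters and variation selectors), that extensions live in the default `~/.vscode/extensions` directory, and the `min_hits` threshold is a hypothetical tuning value.

```python
import json
import sys
import unicodedata
from pathlib import Path

SCAN_SUFFIXES = {".js", ".cjs", ".mjs", ".ts", ".json"}

def is_invisible(ch):
    """Assumption: invisible means Unicode format chars (Cf) or variation selectors."""
    cp = ord(ch)
    return (unicodedata.category(ch) == "Cf"
            or 0xFE00 <= cp <= 0xFE0F        # variation selectors
            or 0xE0100 <= cp <= 0xE01EF)     # variation selectors supplement

def count_invisible(text):
    # A byte-order mark at offset 0 is legitimate and is not counted.
    return sum(1 for i, ch in enumerate(text)
               if is_invisible(ch) and not (i == 0 and ch == "\ufeff"))

def audit_extensions(root, min_hits=8):
    """Return (extension id, relative file, hit count) for suspicious files.

    min_hits is a hypothetical threshold: a stray emoji selector or
    zero-width joiner is normal, a long run of invisible characters is not.
    """
    findings = []
    for manifest in sorted(Path(root).glob("*/package.json")):
        ext_dir = manifest.parent
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            meta = {}
        meta = meta if isinstance(meta, dict) else {}
        ext_id = "{}.{}@{}".format(meta.get("publisher", "?"),
                                   meta.get("name", ext_dir.name),
                                   meta.get("version", "?"))
        for path in sorted(ext_dir.rglob("*")):   # includes node_modules
            if path.suffix.lower() not in SCAN_SUFFIXES or not path.is_file():
                continue
            hits = count_invisible(path.read_text(encoding="utf-8", errors="replace"))
            if hits >= min_hits:
                findings.append((ext_id, str(path.relative_to(ext_dir)), hits))
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else Path.home() / ".vscode" / "extensions"
    for ext_id, rel, hits in audit_extensions(root):
        print(f"{ext_id}\t{rel}\t{hits} invisible code points")
```

A hit is a lead for manual review of that file and of the extension's publisher and update history, not proof of compromise.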
Vendor Products Became Attack Vectors
- F5's breach began earlier than public reports indicated and exploited vulnerabilities in its own products.
- The incident highlights risks when vendor product bugs become attack vectors against the vendor itself.
