Cybersecurity researchers have identified a dangerous extension, juan-bianco.solidity-vlang, found within the Open VSX registry. This extension harbors a remote access trojan known as SleepyDuck. Initially released on October 31, 2025, it was presented as a benign library. Just a day later, on November 1, it was updated to version 0.0.8, which likely introduced malicious features that compromise user security. This development highlights the constant threat posed by malicious software lurking in legitimate repositories. It’s crucial for users to verify the integrity of extensions they install, especially in development environments. Cybersecurity experts stress the importance of vigilance and updating security protocols to defend against such threats.
👉 Pročitaj original: The Hacker News
