05/21/2025-05/28/2025 Critical Versa Concerto Flaws, Hidden Prompts In Gitlab Duo, Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto And More.

1. Critical Versa Concerto Flaws Let Attackers Escape Docker and Compromise Hosts

Cybersecurity researchers have identified three critical vulnerabilities in Versa Concerto’s network security and SD-WAN orchestration platform, which could allow attackers to fully compromise affected systems. Despite being disclosed on February 13, 2025, the flaws remained unpatched past the 90-day deadline, prompting a public advisory.

The issues include CVE-2025-34025 (CVSS 8.6), a Docker privilege escalation; CVE-2025-34026 (CVSS 9.2), an authentication bypass exposing sensitive endpoints; and CVE-2025-34027 (CVSS 10.0), a flaw enabling remote code execution via arbitrary file writes. Successful exploitation of CVE-2025-34027 could allow an attacker to leverage a race condition and write malicious files to disk, ultimately resulting in remote code execution using LD_PRELOAD and a reverse shell.

Versa Networks stated the issues were fixed in version 12.2.1 GA released on April 16, 2025, with no known exploitation in the wild. Users are advised to upgrade, block semicolons in URLs, and monitor traffic for suspicious activity.

2. Hidden Prompts In Gitlab Duo Expose Source Code To Theft

 A critical vulnerability in GitLab’s AI coding assistant, Duo, exposed private code repositories through an indirect prompt injection attack, now patched. Discovered by Legit Security, the flaw allowed attackers to embed hidden prompts in merge requests, commit messages, and comments, tricking Duo into leaking sensitive data or injecting malicious HTML. Built on Anthropic’s Claude, Duo processes full-page content—including Markdown—making it vulnerable to prompts hidden in source code or UI elements. This deep integration introduced client-side risks, letting attackers manipulate responses or redirect users to phishing sites.

Researchers used obfuscation methods like Base16 encoding, Unicode smuggling, and white-text formatting to conceal prompts. These tactics made detection difficult for both developers and security tools. GitLab, following a February 12, 2025, disclosure, added protections such as structured prompts and context boundaries. While these measures reduce risk, GitLab warns they may not block all advanced attacks.

3. Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto

Researchers have uncovered multiple malicious campaigns abusing open-source platforms like npm and Visual Studio Code (VS Code) Marketplace to steal data and distribute malware.

Socket found 60 npm packages that exfiltrate hostnames, IPs, and user data to a Discord webhook during install. These packages, downloaded over 3,000 times, target Windows, macOS, and Linux, using sandbox evasion and encoded payloads to avoid detection. Some masqueraded as helper libraries for frameworks like React and Vue, but deployed destructive payloads that could corrupt files or crash systems. One, js-bomb, even triggered shutdowns.

Separately, a phishing campaign used a malicious npm package to redirect victims to a fake Office 365 login page. Another npm package, citiycar8, delivered second-stage JavaScript via encrypted payloads hosted on jsDelivr.

In the VS Code Marketplace, Datadog linked threat actor MUT-9332 to malware-laced extensions targeting Solidity developers. These disguised tools stole crypto wallet credentials and disabled security features. Some also deployed additional malware from remote servers. All extensions have since been removed.

A list of known malicious packages identified across the npm registry and VS Code Marketplace

Still available at time of report; downloaded 6,200+ times:

• vite-plugin-vue-extend;
• quill-image-downloader;
• js-hood;
• js-bomb (includes file deletion + system shutdown);
• vue-plugin-bomb;
• vite-plugin-bomb;
• vite-plugin-bomb-extend;
• vite-plugin-react-extend.

4. CISA Warns of Attacks Targeting Commvault SaaS Environment

A threat actor has exploited a zero-day vulnerability (CVE-2025-3928) in Commvault’s cloud-based backup platform, Metallic, to access Microsoft 365 credentials and compromise customer accounts. The attacker, likely linked to a nation-state, gained unauthorized access via Commvault’s Azure-hosted environment, though no backup data was stolen. Commvault first reported the incident in March 2025 after a Microsoft alert. Investigations revealed the threat actor used sophisticated techniques and targeted a small number of customers. The company patched the flaw and enhanced key rotation, monitoring, and configuration options to strengthen defenses. CISA warned this may be part of a larger campaign exploiting SaaS misconfigurations. It recommends rotating app secrets, applying conditional access policies, and monitoring Entra ID logs for anomalies.

On-premises users should secure management interfaces and block path traversal or unauthorized file uploads. Commvault released indicators of compromise and aligned its security measures with Microsoft’s recommendations.