Rose debug info
---------------

how human behavior affects security


Programmer’s Digest #141

06/25/2025-07/02/2025 New Flaw in IDEs Like Visual Studio Code, Flaw in Open VSX Registry, Critical Flaws in ISE and ISE-PIC And More.

1. New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status

A new study revealed vulnerabilities in popular IDEs like Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor that let attackers run malicious code on developer machines by exploiting flaws in extension verification. Researchers from OX Security found that Visual Studio Code’s verification process can be bypassed by creating malicious extensions mimicking verified ones, making them appear trustworthy while executing harmful OS commands. This abuse of extension sideloading allows rogue plugins distributed outside official marketplaces to appear legitimate, posing a serious risk in development environments with sensitive data.

The team demonstrated a proof-of-concept where a malicious extension opened the Calculator app on Windows. Similar flaws were found in IntelliJ IDEA and Cursor by altering verification values without losing the verified status.

Microsoft claims this is by design and has signature verification to block such extensions from the Marketplace, but the flaw was still exploitable as of June 2025.

2. Researchers Uncover Flaw in Open VSX Registry, Exposing Developer Extensions to Takeover

Cybersecurity researchers discovered a flaw in the Open VSX Registry that risked control over its extensions ecosystem used by over eight million developers. The vulnerability, disclosed by Koi Security on May 4, 2025, remained unpatched until June 25, 2025.

Open VSX, managed by the Eclipse Foundation, supports VS Code forks like Cursor and VSCodium. The flaw was in its automated publishing workflow, where a privileged token (OVSX_PAT) used to publish extensions was exposed during npm installs, allowing attackers to extract it by running malicious build scripts.
With this token, attackers could overwrite any extension with malicious code, potentially compromising developer machines without detection since updates run silently in the background. Given extensions’ deep access to environments, this posed a serious security risk. After disclosure, the Eclipse Foundation patched the issue, securing the publishing process to prevent token exposure during builds. This incident highlights the critical need for strict security in extension marketplaces.

3. Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

Cybersecurity researchers have uncovered a critical vulnerability (CVE-2025-49596, CVSS 9.4) in Anthropic’s Model Context Protocol (MCP) Inspector that allows remote code execution (RCE), giving attackers full access to affected machines. The flaw stems from insecure default settings, such as lack of authentication and encryption, exposing local servers to browser-based attacks. By exploiting a legacy browser vulnerability known as “0.0.0.0 Day” and chaining it with a CSRF flaw, a malicious website can trigger arbitrary code execution on a developer’s machine. The issue was patched in version 0.14.1 with added authentication and origin checks. Despite being a reference tool not meant for production, MCP Inspector has been widely adopted and forked over 5,000 times. Security experts warn that such misconfigurations create major risks for developers, especially in public networks, and stress the need for stricter AI rules to guard against prompt injection and context poisoning in agent workflows.

4. Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit

A new campaign uses fake websites advertising popular software like WPS Office and Sogou to deliver the Sainbox RAT and an open-source Hidden rootkit. This activity is linked with medium confidence to the Chinese hacking group Silver Fox (aka Void Arachne), based on similarities to their previous campaigns. The phishing sites, such as “wpsice[.]com,” distribute malicious MSI installers in Chinese, targeting Chinese-speaking users. The malware includes Sainbox RAT, a Gh0st RAT variant, and the Hidden rootkit. The installers launch a legitimate executable that sideloads a rogue DLL to execute shellcode and deploy Sainbox. The embedded rootkit helps hide malware processes and registry keys.

Silver Fox has used similar tactics before, including campaigns in 2024 delivering Gh0st RAT variants like ValleyRAT. Using commodity RATs and open-source rootkits lets attackers maintain control and stealth with minimal custom coding.

5. Cisco Patches Critical Flaws in ISE and ISE-PIC That Allow Root Access

Cisco has released urgent patches for two critical vulnerabilities in its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC), rated CVSS 10.0. These flaws, CVE-2025-20281 and CVE-2025-20282, allow attackers to gain root access without credentials, risking full system compromise.

CVE-2025-20281 affects ISE and ISE-PIC versions 3.3 and later, enabling remote root command execution via a vulnerable API. CVE-2025-20282 impacts version 3.4, letting attackers upload and execute malicious files with root privileges.
Both flaws affect all deployments of versions 3.3 and 3.4, with no workarounds available—only software patches fix the issue. Cisco urges immediate patching, noting no known exploitation yet but highlighting the high risk.

Discovered via Trend Micro’s Zero Day Initiative, these vulnerabilities stress the importance of securing API endpoints and applying timely updates to protect critical identity management systems.

5 mo   digest   programmers'

Programmer’s Digest #140

06/18/2025-06/25/2025 200+ Trojanized GitHub Repositories, New Linux Flaws Grant Full Root Access, Hackers Exploit Misconfigured Docker APIs And More.

1. 200+ Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers

Cybersecurity researchers have uncovered a malicious campaign involving over 67 GitHub repositories posing as Python-based hacking tools but delivering trojanized payloads. Dubbed Banana Squad by ReversingLabs, the campaign is linked to a 2023 effort that targeted the Python Package Index (PyPI) with similar tactics. These repositories impersonate popular tools like Discord cleaners, Fortnite cheats, and TikTok checkers, aiming to lure users searching for such software. Once downloaded, the payloads steal data, inject code into cryptocurrency apps, and establish remote access. The threat actors also abuse GitHub’s trust system by using fake stars and forks to boost visibility. Related campaigns like Water Curse and Stargazers Ghost Network exploit GitHub to distribute malware, often targeting gamers and novice hackers.

Sophos identified 133 repositories using techniques like Visual Studio PreBuild backdoors. The broader trend reflects a growing malware distribution model leveraging open-source platforms. Developers are urged to verify repository integrity before use.

2. New Linux Flaws Grant Full Root Access Across Major Distributions

Security researchers have discovered two major vulnerabilities in Linux that allow attackers to escalate privileges and gain full root access. The flaws (CVE-2025-6018 and CVE-2025-6019) impact major distributions including Ubuntu, Debian, Fedora, and openSUSE. Attackers can combine these flaws to escalate from a basic GUI or SSH session to full root access. The attack leverages udisks loop mounts and PAM quirks to bypass polkit trust zones.

Who Is Affected:

  • CVE-2025-6018 affects openSUSE Leap 15 and SUSE Linux Enterprise 15.
  • CVE-2025-6019 impacts libblockdev via the udisks daemon, which is installed by default on most Linux systems.

Once exploited, an attacker can disable security tools, install rootkits, or establish persistent access.

Patch Immediately: Linux vendors are releasing updates. Users should apply security patches as soon as possible. As a mitigation, modify the polkit rule for org.freedesktop.udisks2.modify-device so that it requires auth_admin, which blocks unauthorized actions.
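The polkit mitigation above, written as a rules file. This is an added example, not taken from the original digest or from any vendor advisory; it assumes a polkit build that supports JavaScript rules (0.106 or later), and the file name and the helper name decide are hypothetical.

```javascript
// Install as a file under /etc/polkit-1/rules.d/
// (file name is an assumption, e.g. 50-udisks2-modify-device.rules).
// Requires administrator authentication for the udisks2 action named above.

var RESTRICTED_ACTIONS = ["org.freedesktop.udisks2.modify-device"];

// Decision logic kept separate from registration so it can be exercised
// outside polkitd. `results` is polkit.Result when the rule runs under polkit.
function decide(action, subject, results) {
  if (RESTRICTED_ACTIONS.indexOf(action.id) !== -1) {
    return results.AUTH_ADMIN; // always demand administrator authentication
  }
  return results.NOT_HANDLED; // leave every other action to later rules and defaults
}

// polkitd provides the global `polkit` object; the guard lets the file load elsewhere.
if (typeof polkit !== "undefined") {
  polkit.addRule(function (action, subject) {
    return decide(action, subject, polkit.Result);
  });
}
```

polkit reads rule files in lexical order and stops at the first rule that returns a result, so the file name must sort before any rule that grants the same action.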

3. Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network

Misconfigured Docker instances are being exploited in a new cryptojacking campaign that uses the Tor network to hide attacker activity. Attackers abuse exposed Docker APIs to access containerized environments, deploy crypto miners, and mask their origin via Tor.

The attack begins with a request from IP 198.199.72[.]27 to list containers. If none exist, a new one is created using the “alpine” image, with the host’s root directory mounted inside—allowing dangerous access to the host system. A Base64-encoded script installs Tor and fetches a remote payload from a .onion domain. The attacker then modifies SSH settings to enable root login, installs tools like masscan and torsocks, and delivers an XMRig miner. All traffic is routed through Tor for anonymity. Targets include tech, finance, and healthcare sectors. Separately, Wiz found hundreds of leaked credentials in public code repositories, posing major risks to over 30 companies—including Fortune 100 firms.
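An added example (not from the original digest): a check a defender could run over Docker Engine API container-create request bodies to flag the host-root bind mount described above. Where the requests are captured (an API proxy or audit log) is an assumption, the function names are hypothetical, and both sample requests are constructed.

```javascript
// Audit a Docker Engine API "create container" request body (Linux hosts)
// for host-filesystem exposure. Sample requests below are constructed.

const SENSITIVE_SOURCES = ["/etc", "/root", "/var/run/docker.sock"];

// Collapse duplicate and trailing slashes so "//" and "/" compare equal.
function normalise(p) {
  const s = p.replace(/\/+/g, "/").replace(/\/$/, "");
  return s === "" ? "/" : s;
}

// Collect host-side sources from both bind syntaxes the API accepts:
// HostConfig.Binds ("src:dst[:opts]") and HostConfig.Mounts ({Type, Source, Target}).
function hostSources(body) {
  const hc = body.HostConfig || {};
  const out = [];
  for (const b of hc.Binds || []) {
    const src = b.split(":")[0];
    if (src.startsWith("/")) out.push(normalise(src)); // named volumes do not start with "/"
  }
  for (const m of hc.Mounts || []) {
    if (m.Type === "bind" && typeof m.Source === "string") out.push(normalise(m.Source));
  }
  return out;
}

function auditCreateRequest(body) {
  const findings = [];
  for (const src of hostSources(body)) {
    if (src === "/") findings.push("host root filesystem bind-mounted");
    else if (SENSITIVE_SOURCES.includes(src)) findings.push("sensitive host path bind-mounted: " + src);
  }
  if ((body.HostConfig || {}).Privileged === true) findings.push("privileged container");
  return findings;
}

// Constructed request matching the pattern above: alpine with "/" mounted inside.
const suspicious = { Image: "alpine", HostConfig: { Binds: ["/:/hostroot:rw"] } };
// Constructed benign request: a named volume and a read-only project directory.
const benign = { Image: "nginx", HostConfig: { Binds: ["webdata:/usr/share/nginx/html", "/srv/app:/app:ro"] } };

console.log(auditCreateRequest(suspicious)); // one finding
console.log(auditCreateRequest(benign));     // no findings
```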

4. Cloudflare Blocks Record 7.3 Tbps DDoS Attack Against Hosting Provider

In May 2025, Cloudflare mitigated a record-breaking DDoS attack that peaked at 7.3 Tbps—12% larger than the previous record. The 45-second attack targeted a hosting provider, generating 37.4 TB of traffic, equivalent to 7,500 hours of HD streaming.

The attack came from over 122,000 IPs across 161 countries, mainly Brazil, Vietnam, Taiwan, and China. It flooded multiple ports—peaking at 34,517 ports/second—using techniques like UDP floods, QOTD and Echo reflection, NTP amplification, and Mirai botnet traffic.

Cloudflare’s automated system, powered by its anycast network and real-time threat detection tools, handled the attack without human intervention, dispersing traffic across 477 global data centers.

Despite 99.996% of the traffic being UDP floods, other vectors probed for weaknesses. Indicators of compromise were added to Cloudflare’s free DDoS Botnet Threat Feed, now used by over 600 organizations.

5 mo   digest   programmers'

Programmer’s Digest #139

06/11/2025-06/18/2025 Active Exploitation of Linux Kernel Privilege Escalation Vulnerability, Veeam Patches Critical Vulnerability And More.

1. CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability

CISA has added a Linux kernel vulnerability (CVE-2023-0386, CVSS 7.8) to its KEV catalog, warning it’s being actively exploited. The flaw, patched in early 2023, is an improper ownership bug in the OverlayFS subsystem that allows local privilege escalation. The issue arises when files are copied from a nosuid mount to another mount, letting unprivileged users escalate privileges by creating a root-owned SUID binary. Datadog called the exploit “trivial,” noting it abuses the kernel’s failure to properly check user namespace mappings.

While exact exploitation methods in the wild remain unclear, similar OverlayFS-related flaws—dubbed GameOver(lay)—have been detailed by cloud security firm Wiz, showing they can also grant root access on Unix systems. CISA has mandated all Federal Civilian Executive Branch agencies to apply patches by July 8, 2025, to defend against these active threats.

2. Veeam Patches Critical Vulnerability in Backup & Replication

Veeam has released patches for a critical vulnerability (CVE-2025-23120, CVSS 9.9) in its Backup & Replication software that could allow remote code execution (RCE) by authenticated domain users. The flaw affects version 12.3.0.310 and earlier builds. Users are urged to update to version 12.3.1 (build 12.3.1.1139). The issue stems from insecure deserialization within Veeam’s allow-list mechanism. Improper handling allows attackers to trigger inner deserialization using block-listed classes, enabling code execution.

The vulnerability is linked to CVE-2024-40711, exploited in ransomware attacks, and CVE-2024-42455, which allows arbitrary file deletion by authenticated users. Similar flaws may persist due to the software’s large codebase and weak authentication controls. Attackers could potentially exploit the flaw using modified proof-of-concept code. Veeam’s prior patches relied on block-listing, but deeper structural fixes may be needed.

3. Recent Langflow Vulnerability Exploited by Flodrix Botnet

Threat actors are exploiting CVE-2025-3248, a recently patched vulnerability in Langflow, to deploy the Flodrix botnet. The flaw—added to CISA’s KEV catalog in May—allows unauthenticated remote attackers to execute arbitrary code.

Langflow, a low-code AI workflow platform with over 70,000 GitHub stars, patched the issue in version 1.3.0 released in April. Proof-of-concept (PoC) exploits emerged shortly after, and attackers began scanning for exposed instances.

Trend Micro says the attackers use PoC exploits to gain shell access, perform reconnaissance, and then download and execute Flodrix malware. Once active, the bot connects to a command-and-control (C&C) server to await DDoS commands. Flodrix is an evolution of the LeetHozer malware, featuring enhanced obfuscation, new attack types, and stealth techniques to avoid detection.

GreyNoise has observed over 370 IPs exploiting the flaw, with Censys reporting 1,600 internet-exposed Langflow instances as of mid-June.

4. PyPI, npm, and AI Tools Exploited in Malware Surge Targeting DevOps and Cloud Environments

Researchers have uncovered multiple malware-laced npm packages (such as eslint-config-airbnb-compat, ts-runtime-compat-check, and solders) designed to execute remote code and deliver layered payloads. These packages, now removed, were downloaded thousands of times.

One package used obfuscated scripts and Unicode tricks to install Pulsar RAT, a variant of Quasar RAT, hiding payloads within PNG image pixels. Another triggered code via a post-install script, running a PowerShell command that fetched further malware while evading detection.
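An added example (not from the original digest or from any of the cited researchers): an audit of a package.json for install-time lifecycle scripts such as the post-install hook described above. It also reports which secret-looking environment variables such a script could read, which is the exposure described for OVSX_PAT in the Open VSX item of digest #141. The function name, patterns, manifest and environment are constructed assumptions.

```javascript
// Audit a package.json for install-time lifecycle scripts and report which
// secret-looking environment variables those scripts would be able to read.
// Manifest, environment and patterns below are constructed for illustration.

// Hooks npm runs automatically on install ("prepare" applies to the root project and git dependencies).
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Illustrative heuristics only: commands that fetch or evaluate code at install time.
const RISKY = [
  [/\bpowershell(\.exe)?\b|\bpwsh\b/i, "spawns PowerShell"],
  [/\b(curl|wget)\b|Invoke-WebRequest/i, "downloads from the network"],
  [/\bnode\s+(-e|--eval)\b/i, "evaluates inline JavaScript"],
  [/base64|-enc(odedcommand)?\b/i, "uses encoded content"],
];

// Variable names that look like credentials (heuristic).
const SECRET_NAME = /(TOKEN|SECRET|PASSWORD|_PAT|_KEY)$/i;

function auditManifest(manifestText, env = {}) {
  const scripts = JSON.parse(manifestText).scripts || {};
  const hooks = INSTALL_HOOKS
    .filter((h) => typeof scripts[h] === "string")
    .map((h) => ({
      hook: h,
      command: scripts[h],
      reasons: RISKY.filter(([re]) => re.test(scripts[h])).map(([, why]) => why),
    }));
  // Any hook, suspicious or not, inherits the installing process's environment.
  const exposedSecrets = hooks.length
    ? Object.keys(env).filter((k) => SECRET_NAME.test(k)).sort()
    : [];
  return { hooks, exposedSecrets };
}

// Constructed manifest with an install hook that launches an encoded PowerShell command.
const sampleManifest = JSON.stringify({
  name: "example-compat-check",
  scripts: { test: "mocha", postinstall: "powershell -NoProfile -EncodedCommand PLACEHOLDER" },
});
// Constructed CI environment in which a publishing token is present during install.
const sampleEnv = { OVSX_PAT: "placeholder", PATH: "/usr/bin", HOME: "/home/ci" };

console.log(JSON.stringify(auditManifest(sampleManifest, sampleEnv), null, 2));
```

Installing with npm's --ignore-scripts option keeps these hooks from running, and keeping publishing tokens out of the environment of the install step removes what a hook could read.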

Separately, Socket identified cryptocurrency-focused threats—stealers, drainers, and clippers—targeting blockchain projects. AI-assisted coding also introduced risks like slopsquatting, where LLMs hallucinate fake package names that attackers exploit by registering real ones.

Additionally, JFrog discovered chimera-sandbox-extensions on PyPI, a red teaming tool disguised as a helper module. It targeted developer credentials, CI/CD tokens, and macOS JAMF data, using domain generation and staged payloads for stealth.

5 mo   digest   programmers'