The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, enabling near-frictionless compromise.
North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and enabling remote control.
The title (“Hello Forge”) and icon are shown under the “Apps” section in the project menu. By clicking that entry, Jira opens a new internal page that loads the content defined in the src/index.jsx ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results