CIRCLE WITH A DOT

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

🚨 We detected malicious OpenVSX releases of Aqua Trivy (1.8.12 & 1.8.13) that injected natural-language prompts to weaponize local AI coding agents.

1 Posts 1 Posters 1 Views

S This user is from outside of this forum
S This user is from outside of this forum
socketsecurity@fosstodon.org

wrote last edited by

#1

We detected malicious OpenVSX releases of Aqua Trivy (1.8.12 & 1.8.13) that injected natural-language prompts to weaponize local AI coding agents.
The releases occurred during a broader AI-powered attack targeting #OSS projects.
Full analysis ↓
https://socket.dev/blog/unauthorized-ai-agent-execution-code-published-to-openvsx-in-aqua-trivy-vs-code-extension
1 Reply Last reply
1
0
R relay@relay.infosec.exchange shared this topic

Log in to reply