Cybersecurity researchers have identified a malicious extension in the Open VSX registry that contains a remote access trojan named SleepyDuck. The extension, identified as juan-bianco.solidity-vlang (version 0.0.7), was initially released on October 31, 2025, as a benign library but was updated to version 0.0.8 on November 1, embedding harmful functionalities. This highlights ongoing vulnerabilities within software ecosystems and the importance of vigilance against such threats. Users are urged to verify the integrity of extensions before installation to mitigate risks.
Want More Context? 🔎
