MUST READ

North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware

 | 

QNAP fixed four vulnerabilities demonstrated at Pwn2Own Ireland 2025

 | 

Pro-Iranian Nasir Security is targeting energy companies in the Gulf

 | 

44 Aqua Security repositories defaced after Trivy supply chain breach

 | 

Iran-linked actors use Telegram as C2 in malware attacks on dissidents

 | 

International police Operation Alice take down 373,000 dark web sites exploiting children

 | 

Russia-linked actors target WhatsApp and Signal in phishing campaign

 | 

Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager

 | 

U.S. CISA adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 89

 | 

Security Affairs newsletter Round 568 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

WorldLeaks ransomware group breached the City of Los Angels

 | 

PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks

 | 

7,500+ Magento sites defaced in global hacking campaign

 | 

Navia data breach impacts nearly 2.7 Million people

 | 

Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge

 | 

Global law enforcement operation targets AISURU, Kimwolf, JackSkid botnet operators

 | 

French aircraft carrier Charles de Gaulle tracked via Strava activity in OPSEC failure

 | 

Critical Ubiquiti UniFi UniFi security flaw allows potential account hijacking

 | 

U.S. CISA adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog

 | 

StoatWaffle malware

Pierluigi Paganini March 24, 2026
North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware

North Korea-linked threat actors use VS Code auto-run tasks to spread StoatWaffle malware via malicious projects that execute on folder open. North Korea-linked threat actor Team 8 behind the Contagious Interview campaign is spreading StoatWaffle malware through malicious Microsoft Visual Studio Code projects. Since late 2025, they have abused the “tasks.json” auto-run feature in Microsoft […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware

Security / March 24, 2026

QNAP fixed four vulnerabilities demonstrated at Pwn2Own Ireland 2025

Security / March 23, 2026

Pro-Iranian Nasir Security is targeting energy companies in the Gulf

Cyber warfare / March 23, 2026

44 Aqua Security repositories defaced after Trivy supply chain breach

Uncategorized / March 23, 2026

Iran-linked actors use Telegram as C2 in malware attacks on dissidents

Malware / March 23, 2026