Threat actors compromised the Aqua Trivy VS Code extension on OpenVSX by publishing malicious versions 1.8.12 and 1.8.13 on February 27-28, 2026. These versions injected prompts to hijack local AI coding tools for system reconnaissance and data exfiltration. Aqua Trivy is a popular open-source vulnerability scanner with a VS Code extension, hosted on OpenVSX under […] The post Cyberattackers Exploit OpenVSX Aqua Trivy with Malicious AI Prompts to Hijack Coding Tools appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/openvsx-aqua-trivy/
