Best Of
Re: Our Business Change and Adoption toolkit
Really enjoyed reading this. It’s great to see such a strong focus on feedback loops and making sure changes genuinely work after delivery. It really comes across as a thoughtful and people‑first approach to delivery. 👏
VS Code and Browser Extension Malware Targets Developers Through AI Tools and Stanley Kit
Observed in the wild
- MaliciousCorgi, a campaign discovered in January 2025, deployed malicious VS Code extensions disguised as AI coding assistants (including "ChatGPT – 中文版" and "ChatMoss (CodeMoss)") that infected approximately 1.5 million developers globally. Separately, the Stanley malware kit has been active since 2023, targeting developers through trojanised extensions. Both campaigns exfiltrated sensitive data including authentication tokens, cookies, session credentials, clipboard contents, and source code from platforms like GitHub, GitLab, and AWS.
- MaliciousCorgi extensions masqueraded as legitimate AI productivity tools on Chrome Web Store and Edge Add-ons, using obfuscated JavaScript to steal credentials and inject malicious code into GitHub repositories for supply chain attacks. Stanley operators employed phishing sites mimicking legitimate services, SEO poisoning, and malvertising to distribute extensions that captured keystrokes, screenshots, and credential data. Both campaigns utilised command-and-control infrastructure to exfiltrate stolen data to attacker-controlled servers.
- Organisations should audit, restrict, and continuously monitor both VS Code extensions and browser extensions, as each represents a viable attack surface. Particular attention should be paid to AI‑themed coding tools and productivity add‑ons across both platforms. Enable Microsoft Defender browser extension controls and SmartScreen filtering to limit exposure to malicious or untrusted extensions. Enforce application control policies to prevent unauthorised extension installation in development environments and browsers alike. Monitor for anomalous authentication behaviour, unauthorised repository access, and data exfiltration attempts.
Malicious VS Code AI Extensions Harvesting Code from 1.5M Devs
Stanley — A $6,000 Russian Malware Toolkit with Chrome Web Store Guarantee
ShinyHunters escalate vishing-led extortion across tech and telecoms
Observed in the wild
- In February, the ShinyHunters-linked activity targeted Optimizely, a global ad‑tech firm, via a contained breach of internal business systems, and Dutch telecoms provider Odido, where attackers exfiltrated customer contact data affecting ~6.2 million users, later claiming up to 21 million records. Both incidents involved data theft followed by extortion threats
- ShinyHunters used aggressive social engineering, notably voice phishing (vishing), to harvest SSO and MFA credentials, enabling access to SaaS platforms such as Salesforce and Zendesk. At Odido, attackers accessed customer contact systems and attempted double‑extortion via a dark‑web leak site, pressuring the victim with data‑release threats.
- Organisations are advised to harden identity security: enforce phishing‑resistant MFA, enable Microsoft Defender for Identity to detect anomalous credential use, monitor Defender for Cloud Apps for unusual SaaS access, and deploy Defender XDR alerts for vishing‑linked account takeover behaviours.
Odido informs customers of cyber attack
ShinyHunters extortion gang claims Odido breach affecting millions
Ad Tech Company Optimizely Targeted in Cyberattack - SecurityWeek
TeamPCP Supply‑Chain Attack Backdoors LiteLLM Python Package
Observed in the wild
- On 24 March, Endor Labs identified malicious code in LiteLLM versions 1.82.7 and 1.82.8 published to PyPI. LiteLLM is a widely used LLM proxy library with around 95 million monthly downloads. Any environment installing these versions, including CI/CD pipelines and Kubernetes clusters, was at risk of full credential compromise. Both versions were removed; 1.82.6 is the last confirmed clean release.
- The attack is attributed with high confidence to TeamPCP, a supply‑chain threat actor. Malicious code was injected during package build, not in GitHub source. The payload executed on import and, in 1.82.8, on every Python start via a .pth file. The malware harvested cloud, Kubernetes and developer credentials, deployed privileged Kubernetes pods for lateral movement, and installed a persistent systemd backdoor communicating with attacker‑controlled infrastructure.
- Organisations are advised to identify and remove LiteLLM 1.82.7 and 1.82.8, rotate all secrets accessible on affected hosts, and treat impacted systems as compromised. Use Microsoft Defender for Cloud to hunt for anomalous Python subprocess execution, credential access, and unexpected Kubernetes privileged pods. Monitor for outbound traffic to known C2 domains and persistence indicators, and pin Python dependencies to verified source builds only.