> TritonInfoSec News
Home / Mar 24, 2026 / Story
0
#5 The Hacker News general March 23, 2026 at 18:09 UTC

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

By [email protected] (The Hacker News)

AI Summary

North Korean WaterPlum threat actors deployed StoatWaffle malware through malicious VS Code projects using "tasks.json" auto-run features since December 2025. This technique represents a novel abuse of legitimate developer tools to execute malware automatically when projects are opened in Visual Studio Code.

Read full article → https://thehackernews.com/2026/03/north-korean-hac…

Relevance score: 86.0/100

# More from March 24

  1. 1
    Hacker walks away with $24.5 million after breaching Resolv DeFi platform The Record
  2. 2
    Trivy Supply Chain Attack Targets CI/CD Secrets Dark Reading
  3. 3
    Trivy supply-chain attack spreads to Docker, GitHub repos BleepingComputer
  4. 4
    TeamPCP deploys Iran-targeted wiper in Kubernetes attacks BleepingComputer
  5. 6
    Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems The Hacker News
  6. 7
    Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability SecurityWeek
  7. 8
    Education company Kaplan reports data breach impacting more than 230,000 The Record
  8. 9
    Crunchyroll probes breach after hacker claims to steal 6.8M users' data BleepingComputer
  9. 10
    FBI warns of Handala hackers using Telegram in malware attacks BleepingComputer