BlackBox AI, a popular VS Code coding assistant, has a critical indirect prompt injection vulnerability. Hackers can exploit this to gain remote root access to a user’s computer.
Latest VS Code update introduces prepackaged bundles of chat customizations that can include skills, commands, agents, MCP servers, and hooks.
Dubbed InstallFix by Push Security, the scheme inserts instructions to download malware during the Claude Code install process on cloned websites.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results