Sat Nov 08 09:20:00 UTC 2025

AI-Assisted Ransomware Experiment Surfaces on Microsoft’s VS Code Marketplace

A seemingly rudimentary ransomware extension, potentially crafted with the aid of artificial intelligence, was briefly available on Microsoft’s official VS Code marketplace. Dubbed “susvsex” and published under the name ‘suspublisher18,’ the extension brazenly advertised its malicious capabilities in its description, including file theft and AES-256-CBC encryption.

Security researcher John Tuckner of Secure Annex discovered the extension, characterizing it as an unsophisticated product of “vibe coding.” Despite Tuckner reporting the extension and its explicit description, Microsoft initially failed to remove it, raising concerns about their vetting process.

The extension, once activated (upon installation or VS Code launch), initiates a function that checks for a marker file and begins its encryption routine. It creates a .ZIP archive of files in a target directory, exfiltrates them to a hardcoded command-and-control (C2) address, and replaces the original files with encrypted versions. The extension also polls a private GitHub repository, likely based in Azerbaijan according to Tuckner, for commands to execute.

Secure Annex has labeled “susvsex” as “AI slop,” highlighting the ease with which it could be tweaked to become a more potent threat. While the extension was available at the time of initial reporting, it has since been removed from the VS Code marketplace. This incident raises questions about the potential for AI to lower the barrier to entry for malicious actors and the vigilance of software marketplaces. BleepingComputer has reached out to Microsoft for comment.
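For defenders, the two traits described above (code that runs on every launch and a description that openly advertises theft and encryption) can both be read from an installed extension's `package.json`. The following triage script is an added example, not code from Secure Annex or the extension itself; the keyword list, finding labels and sample manifest are assumptions constructed for illustration.

```python
import json
import re
from pathlib import Path

# Identifier from the article, in VS Code's publisher.name form.
KNOWN_BAD = {"suspublisher18.susvsex"}
# Manifest activation events that run extension code on every launch.
EAGER_EVENTS = {"*", "onStartupFinished"}
# Assumed keyword list for descriptions that advertise theft or encryption.
RISKY_WORDS = re.compile(r"ransom|encrypt|exfiltrat|steal", re.I)

# Constructed sample manifest; not the real extension's package.json.
SAMPLE = {"publisher": "suspublisher18", "name": "susvsex",
          "activationEvents": ["*"],
          "description": "Zips, uploads and encrypts files on launch"}

def audit_manifest(manifest):
    """Return triage findings for one parsed package.json."""
    if not isinstance(manifest, dict):
        return ["unreadable-manifest"]
    findings = []
    ext_id = f"{manifest.get('publisher', '')}.{manifest.get('name', '')}"
    if ext_id.lower() in KNOWN_BAD:
        findings.append("known-bad-id")
    events = manifest.get("activationEvents")
    events = events if isinstance(events, list) else []
    eager = sorted(e for e in events if isinstance(e, str) and e in EAGER_EVENTS)
    if eager:
        findings.append("eager-activation:" + ",".join(eager))
    text = f"{manifest.get('displayName', '')} {manifest.get('description', '')}"
    if RISKY_WORDS.search(text):
        findings.append("risky-description")
    return findings

def scan_extensions(root):
    """Audit every <root>/<extension>/package.json; return {dir: findings}."""
    report = {}
    for path in sorted(Path(root).glob("*/package.json")):
        try:
            findings = audit_manifest(json.loads(path.read_text(encoding="utf-8")))
        except (OSError, ValueError):
            findings = ["unreadable-manifest"]
        if findings:
            report[path.parent.name] = findings
    return report

if __name__ == "__main__":
    print("sample:", audit_manifest(SAMPLE))
    # Default per-user extension directory on desktop installs.
    for name, found in scan_extensions(Path.home() / ".vscode" / "extensions").items():
        print(name, found)
```

Eager activation is common in legitimate extensions, so treat that finding as a reason to review the extension, not as a verdict on its own.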

Additional Cybersecurity News:

  • Nevada Government Hit by Ransomware: A ransomware attack recently crippled systems belonging to the Nevada state government.
  • Critical Cisco UCCX Flaw: A vulnerability in Cisco Unified Contact Center Express (UCCX) allows attackers to execute commands as root.
  • Gootloader Returns: The Gootloader malware is back in action after a seven-month hiatus, employing new techniques.
  • AI-Powered Malware on the Rise: Google is warning of new AI-powered malware families being deployed in the wild.
  • Other Vulnerabilities: Multiple software security vulnerabilities and leaks are reported, including Microsoft BitLocker issues and a Hyundai AutoEver America data breach exposing sensitive information.
