Two harmful extensions on the Visual Studio Code Marketplace, Bitcoin Black and Codo AI, steal sensitive information from developers' machines. They can capture screenshots, credentials, and hijack browser sessions, and were published under the name 'BigBlack.' Microsoft has since removed both extensions from the marketplace.

Elastic Security Labs reports on the misuse of SHELLTER, a commercial evasion framework, by threat groups for infostealer campaigns since April 2025. The framework's advanced capabilities allow malicious actors to evade detection by anti-malware solutions, prompting the release of a dynamic unpacker by Elastic Security Labs to analyze SHELLTER-protected binaries. Key features include polymorphic obfuscation, payload encryption, and mechanisms to bypass detection systems.