Aqua Security · Trivy Vulnerability Scanner VS Code Extension · CVE-2026-28353
**Name of the Vulnerable Software and Affected Versions**
Trivy Vulnerability Scanner VS Code Extension version 1.8.12
**Description**
The Trivy Vulnerability Scanner VS Code extension was compromised with malicious code in version 1.8.12, distributed through the OpenVSX marketplace. This malicious code was designed to collect and exfiltrate sensitive information by leveraging a local AI coding agent. The compromised artifact has been removed from the marketplace, and no other affected artifacts have been identified.
**Recommendations**
Immediately remove Trivy VS Code extension version 1.8.12.
Rotate environment secrets.
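To find out whether the affected version is installed, the following added example (not part of the advisory or of Aqua Security's tooling) reads the `package.json` manifest of each installed extension and flags any Trivy extension at version 1.8.12. The directory list and the match on "trivy" in the manifest name are assumptions; adjust them for the editors in use.

```python
import json
from pathlib import Path

AFFECTED_VERSION = "1.8.12"  # version named in the advisory
NAME_HINT = "trivy"          # assumption: manifest name/displayName contains "trivy"

# Assumption: usual per-user extension directories of VS Code-compatible editors.
DEFAULT_ROOTS = [
    Path.home() / ".vscode" / "extensions",
    Path.home() / ".vscode-oss" / "extensions",
    Path.home() / ".vscode-server" / "extensions",
    Path.home() / ".cursor" / "extensions",
]


def find_trivy_extensions(roots=DEFAULT_ROOTS):
    """Return (folder, publisher.name, version, affected) per Trivy extension found."""
    hits = []
    for root in map(Path, roots):
        if not root.is_dir():
            continue
        for manifest in sorted(root.glob("*/package.json")):
            try:
                meta = json.loads(manifest.read_text(encoding="utf-8"))
            except (OSError, ValueError):
                continue  # unreadable or malformed manifest: skip it
            if not isinstance(meta, dict):
                continue
            label = f"{meta.get('name', '')} {meta.get('displayName', '')}".lower()
            if NAME_HINT not in label:
                continue
            ext_id = f"{meta.get('publisher', '?')}.{meta.get('name', '?')}"
            version = str(meta.get("version", ""))
            hits.append((manifest.parent, ext_id, version, version == AFFECTED_VERSION))
    return hits


if __name__ == "__main__":
    found = find_trivy_extensions()
    for folder, ext_id, version, affected in found:
        status = "AFFECTED: remove and rotate secrets" if affected else "not 1.8.12"
        print(f"{ext_id} {version} [{status}] {folder}")
    if not found:
        print("No Trivy extension found in the scanned directories.")
```

A clean result covers only the directories scanned; if version 1.8.12 was installed at any point, the secret rotation above still applies.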