SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Friday, June 27th, 2025: Open-VSX Flaw; Airoha Bluetooth Vulnerability; Critical Cisco Identity Services Engine Vuln;


SANS ISC Handlers


🗓️ 27 June 2025

⏱️ 7 minutes


Summary


Open-VSX Flaw Puts Developers at Risk
A flaw in the Open VSX extension marketplace could have led to the compromise of any extension offered by the marketplace.
https://blog.koi.security/marketplace-takeover-how-we-couldve-taken-over-every-developer-using-a-vscode-fork-f0f8cf104d44
Bluetooth Vulnerability Could Allow Eavesdropping
A vulnerability in the widely used Airoha Bluetooth chipset can be used to compromise devices and use them for eavesdropping.
https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/
Critical Cisco Identity Services Engine Vulnerability
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6

Transcript


0:00.0

Hello and welcome to the Friday, June 27, 2025 edition of the SANS Internet Storm Center's Stormcast.

0:08.2

My name is Johannes Ullrich, and this episode, brought to you by the SANS.edu graduate certificate program in Purple Team Operations, is recorded in Stockholm, Germany.

0:20.1

Well, we got a big supply chain security story to start out with today.

0:25.3

This story was broken by Koi Security.

0:29.2

The problem here is the use of Visual Studio Code clones.

0:34.9

Now, Visual Studio Code, of course, is a Microsoft product. It comes with its own

0:39.7

extension store. And this extension store has had issues in the past. We talked about this

0:45.6

here in this podcast a couple times. But there are a couple clones, like, for example, Cursor,

0:51.3

the editor used a lot with AI projects.

0:56.1

And Cursor, because it's not a Microsoft product,

0:59.2

but it is a clone of Visual Studio Code,

1:02.6

cannot use the official Microsoft extension store.

1:06.5

In order to fix this, well, we have Open VSX. Open VSX is an extension store for all these different Visual Studio Code clones that cannot use the official Microsoft store.

1:20.6

The problem with Open VSX was that they had two different ways a developer could update an extension.

1:30.9

One is where you basically just upload the extension to them, but then there's another,

1:35.3

a little bit more convenient way of doing it where they're auto-updated. And you basically

1:41.1

just add your extension to the list of extensions for Open VSX to auto-update,

1:46.9

and then whenever it recognizes there is a new version, it will download your extensions,

1:52.2

and then it will run npm install.

1:55.5

And that's where the problem happens.

1:58.0

With npm install, the GitHub Action that Open VSX uses to update the extensions,

2:04.3

well, it's actually executing code provided by the developer of the extension.

...

