[URGENT] Security Concerns in Code Paint

Addressing some major security concerns we were made aware of in Code Paint (formerly Pango Themes).

Ducky Software Team(s)

10/25/2024

Hello Ducky Software Developer Community,

Recap:

Recently, the @supportducks support account for Ducky Software on X posted messages about potential security issues in Code Paint (formerly Pango Themes). We advised users to remove Code Paint and its config files from their machine if they had it installed. The affected version was a legacy version of Code Paint that had been posted on GitHub and was no longer being maintained. For this reason we kindly ask you to check the config file in question. You can do this by pressing Ctrl + Shift + P (Windows) or CMD + Shift + P (Mac) and entering Open User Settings (JSON) in the text box. If the Code Paint version has the comment "//COPY AND PASTE FROM FIRST BRACKET", it means that it was a legacy manual install of Code Paint (formerly Pango Themes), as our automated install tool no longer requires the user to copy & paste. If this is the case, please delete the config file IMMEDIATELY: your version is affected.
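The manual check above can also be scripted. The following is an added example, not code from Ducky Software: it assumes the editor is Visual Studio Code (whose command palette matches the shortcut and command named above), assumes the default user settings locations for VS Code, VS Code Insiders and VSCodium, and matches the marker comment loosely on spacing and case.

```python
import os
import re
from pathlib import Path

# Marker comment quoted in the advisory. Loose spacing/case matching is an
# assumption made here so hand-edited copies are still caught.
MARKER = re.compile(r"//\s*COPY AND PASTE FROM FIRST BRACKET", re.IGNORECASE)

def find_marker_lines(text):
    """Return 1-based line numbers of settings text that carry the marker."""
    return [n for n, line in enumerate(text.splitlines(), 1) if MARKER.search(line)]

def candidate_settings_files(home=None, appdata=None):
    """Assumed default user settings paths on macOS, Linux and Windows."""
    home = Path(home) if home else Path.home()
    roots = [home / "Library" / "Application Support", home / ".config"]
    appdata = appdata or os.environ.get("APPDATA")
    if appdata:
        roots.append(Path(appdata))
    editors = ["Code", "Code - Insiders", "VSCodium"]
    return [r / e / "User" / "settings.json" for r in roots for e in editors]

def scan(paths):
    """Map each existing settings file to the marker line numbers found in it."""
    hits = {}
    for p in paths:
        if p.is_file():
            # settings.json allows comments, so read it as text, not as JSON.
            text = p.read_text(encoding="utf-8", errors="replace")
            lines = find_marker_lines(text)
            if lines:
                hits[str(p)] = lines
    return hits

# Constructed samples, not real Code Paint configs.
SAMPLE_LEGACY = '{\n  //COPY AND PASTE FROM FIRST BRACKET\n  "editor.fontSize": 14\n}\n'
SAMPLE_CLEAN = '{\n  "editor.fontSize": 14\n}\n'

if __name__ == "__main__":
    found = scan(candidate_settings_files())
    for path, lines in found.items():
        print(f"legacy Code Paint marker in {path} at line(s) {lines}")
    if not found:
        print("marker not found in the default settings locations")
```

A hit only identifies the file to review; settings stored in non-default locations or in editor profiles are not covered by these paths.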

What happened?:
This is the fault of an old and outdated API that the legacy version of Code Paint used and relies upon for auto-correct and typing management (we are remaining tight-lipped for now so as not to expose the bug).

What is Ducky Software doing to ensure this does not happen in the future:

Effective as of 1:00 PM EST, 2024-10-25, all versions of Code Paint will be removed from any and all public sources, including GitHub, our website, GitLab, forums and partner sites, and all versions will be subject to a multi-week, in-depth deep dive by our staff and trusted members of our community, along with contractors and members of The Ducky Software Incident and Crisis Response Team. If you are using any version of Code Paint, we highly recommend uninstalling it until it gets the green light from our team(s), which will be stated in another blog post at some point in the future (we're hoping for 2-3 weeks down the road).

A heartfelt statement to the press & community:

Ducky Software is committed to ensuring the safety and security of our developer community, which is why we have taken the steps above. Some may call this overkill, but it is what we feel is needed to maintain our tools and the security and safety of our developer community. We recognize the severity of this issue. On our part this was a major screw-up, and for that we take full responsibility. We hope that our amazing community understands what happened, joins us for this wild ride over the next few weeks and continues to trust us and our products and services.
Developers, you are in many ways the backbone of the computer science world; thank you for trusting us. We know we screwed this up, and we can only hope that through our actions today you can trust in us once again to make things right. Thank you, developers, we love you.

All the best from Ducky Software and Inky Cyber

Written using advice from Ducky Software community members.