In the developer community, security threats are increasing, with recent examples including a backdoored .NET development tool and a North Korean entity's social engineering campaign. Developers' access to intellectual property assets makes them an attractive target for cybercriminals, who can compromise a company's products by embedding malicious code into a single developer's system. Security researchers recently discovered vulnerabilities in various tools used by developers, which could be exploited by threat actors. The risks include the execution of arbitrary commands upon access to a malicious folder planted on the victim's system, particularly when using Git integrations in terminals and code editors. The vulnerabilities can allow attackers to bypass security features and execute unintended commands without user knowledge or consent. To mitigate this risk, users should disable SCM prompts when dealing with untrusted data, set specific variables to temporarily disable them, or use alternative Git implementations that may not support the exploited feature. Popular IDEs like Visual Studio Code, JetBrains IDEs suite, and GitHub Atom are also vulnerable due to their integration of Git extensions without proper user consent or awareness. The fix is available in updated versions of these tools, including Visual Studio Code 1.63.2 and JetBrains IntelliJ 2021.3.1.