GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers
Foto: The Hacker News
Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing extensionPack and extensionDependencies to turn initially standalone-looking extensions into transitive
Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing extensionPack and extensionDependencies to turn initially standalone-looking extensions into transitive
More from Security
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
Related Articles
How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
Apr 6
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
Apr 6
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
Apr 6