Lucene search
K

16 matches found

The Hacker News
The Hacker News
added 2026/05/27 11:48 a.m.27 views

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control C2 channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions. "Since...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/27 11:23 a.m.10 views

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code VS Code extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of 73 extensions has been identified as cloned versions of their legitimate...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/10 1:23 p.m.5 views

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments IDEs on a developer's machine. The technique has been discovered in an Open VSX extension...

6.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/30 7:1 a.m.18 views

A week in security (March 23 – March 29)

Last week on Malwarebytes Labs: Criminals are renting virtual phones to bypass bank security Bogus Avast website fakes virus scan, installs Venom Stealer instead Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka GlassWorm attack installs fake browser extension for...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/25 2:26 p.m.5 views

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan RAT, which deploys an information-stealing Google Chrome extension masquerading as an offline version of...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/16 7:37 p.m.7 views

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by...

6.3AI score
Exploits0
Snyk
Snyk
added 2026/03/15 11:0 p.m.5 views

Embedded Malicious Code

Overview react-native-international-phone-number is an International mobile phone input component with mask for React Native Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised and a malicious version was released on...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/03/14 10:0 p.m.3 views

Malicious Package

Overview @aifabrix/miso-client is a malicious package. This package was affected by the 'GlassWorm' supply chain attack. It includes a hidden malicious payload embedded with invisible Unicode characters. These characters hide a decoder that retrieves and executes a concealed payload through eval...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/14 10:0 p.m.6 views

Malicious Package

Overview @iflow-mcp/watercrawl-watercrawl-mcp is a malicious package. This package was affected by the 'GlassWorm' supply chain attack. It includes a hidden malicious payload embedded with invisible Unicode characters. These characters hide a decoder that retrieves and executes a concealed payloa...

9.8CVSS5.8AI score
Exploits0References2
The Hacker News
The Hacker News
added 2026/03/14 12:55 p.m.9 views

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/02 5:4 a.m.6 views

Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors compromised a legitimate developer's resources to push malicious updates to downstream users. "On January 30, 2026, four established Open VSX extensions...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/12/02 3:1 p.m.7 views

GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools

The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue. GlassWorm was first documented in...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/11/10 8:51 a.m.10 views

GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs

Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code VS Code ecosystem. The extensions in question, which are still available for download, are listed...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/10/31 8:2 a.m.8 views

Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery

Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code VS Code extensions published in the marketplace. The action comes following a report from cloud security company Wiz earlier...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/10/24 7:0 a.m.12 views

Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack

Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code VS Code extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks. The sophisticated threat, codenamed...

7.3AI score
Exploits0
HackRead
HackRead
added 2025/10/23 10:22 a.m.11 views

GlassWorm Malware Targets Developers Through OpenVSX Marketplace

GlassWorm, a self-propagating malware, infects VS Code extensions through the OpenVSX marketplace, stealing credentials and using blockchain for control...

7.2AI score
Exploits0
Rows per page
Query Builder