GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing...

MAL-2025-186556 Malicious code in dependencies-nova-meteor-mira (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 501435bf55002173c8f7d5b4c21b3d56892072239bd53de9e1caee62f283e9cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...