InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...
winbuzzer.com

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

A supply chain attack campaign is spreading invisible malicious code across GitHub, npm, and the VS Code extension marketplace, with more than 151 compromised repositories identified so far. According ...