The New OilApr 28

#GlassWorm #malware attacks return via 73 #OpenVSX "sleeper" extensions

https://www.bleepingcomputer.com/news/security/glassworm-malware-attacks-return-via-73-openvsx-sleeper-extensions/

#cybersecurity

GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions

A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious after an update.

BleepingComputer
(in)sicurezza digitaleApr 26

GlassWorm muta ancora: 73 estensioni “sleeper” su Open VSX pronte a svegliarsi come malware

La campagna GlassWorm torna con 73 nuove estensioni dormanti sul marketplace Open VSX. Socket ha rilevato nuove attivazioni malware da estensioni che erano parse innocue per settimane: un escalation preoccupante per l'intera pipeline di sviluppo software.

https://insicurezzadigitale.com/glassworm-muta-ancora-73-estensioni-sleeper-su-open-vsx-pronte-a-svegliarsi-come-malware/

CyberVeille.chApr 26

📢 73 extensions Open VSX dormantes liées à GlassWorm activent une nouvelle campagne malveillante
📝 ## 🗓️ Contexte

Publié le 26 avril 2026 sur CyberAccord, cet ar...
📖 cyberveille : https://cyberveille.ch/posts/2026-04-26-73-extensions-open-vsx-dormantes-liees-a-glassworm-activent-une-nouvelle-campagne-malveillante/
🌐 source : https://www.cyberaccord.com/73-open-vsx-sleeper-extensions-linked-to-glassworm-activate-new-malware-campaign/
#GlassWorm #GlassWorm_loader #Cyberveille

73 extensions Open VSX dormantes liées à GlassWorm activent une nouvelle campagne malveillante

🗓️ Contexte Publié le 26 avril 2026 sur CyberAccord, cet article rapporte l’escalade de l’opération GlassWorm, une campagne de supply chain ciblant le marketplace Open VSX (alternative open source au VS Code Marketplace). Cette vague fait suite à une première découverte en mars 2026 de 72 extensions malveillantes liées à la même opération. 🎯 Stratégie des extensions dormantes (Sleeper Extensions) Les attaquants publient des extensions initialement inoffensives pour gagner en crédibilité et accumuler des téléchargements avant de les weaponiser via une mise à jour malveillante. Les techniques employées incluent :

CyberVeille
CyberVeille.chApr 12

📢 GlassWorm : un dropper Zig infecte tous les IDE compatibles VS Code via une fausse extension WakaTime
📝 ## 🔍 Contexte

Publié le 8 avril 2026 par Aikido Security, cet article présente...
📖 cyberveille : https://cyberveille.ch/posts/2026-09-04-glassworm-un-dropper-zig-infecte-tous-les-ide-compatibles-vs-code-via-une-fausse-extension-wakatime/
🌐 source : https://www.aikido.dev/blog/glassworm-zig-dropper-infects-every-ide-on-your-machine
#GlassWorm #GlassWorm_RAT #Cyberveille

securityaffairsApr 11
#GlassWorm evolves with Zig dropper to infect multiple developer tools
https://securityaffairs.com/190638/malware/glassworm-evolves-with-zig-dropper-to-infect-multiple-developer-tools.html
#securityaffairs #hacking #malware
GlassWorm evolves with Zig dropper to infect multiple developer tools

The GlassWorm campaign uses a Zig-based dropper hidden in a fake IDE extension to infect developer tools and compromise systems.

Security Affairs
securityaffairsApr 11
#GlassWorm evolves with Zig dropper to infect multiple developer tools
https://securityaffairs.com/190638/malware/glassworm-evolves-with-zig-dropper-to-infect-multiple-developer-tools.html
#securityaffairs #hacking #malware
GlassWorm evolves with Zig dropper to infect multiple developer tools

The GlassWorm campaign uses a Zig-based dropper hidden in a fake IDE extension to infect developer tools and compromise systems.

Security Affairs
The Threat CodexApr 11
GlassWorm goes native: New Zig dropper infects every IDE on your machine
#GlassWorm
https://www.aikido.dev/blog/glassworm-zig-dropper-infects-every-ide-on-your-machine
GlassWorm goes native: New Zig dropper infects every IDE on your machine

GlassWorm deploys a Zig-based native dropper hidden within a fake extension, silently compromising VS Code, Cursor, VSCodium, and other IDEs.

(in)sicurezza digitaleApr 11

GlassWorm: il worm che infetta tutti gli IDE tramite un’estensione OpenVSX contraffatta

Un dropper compilato in Zig si propaga da un'estensione fake WakaTime su OpenVSX verso tutti gli IDE VS Code-compatibili presenti sulla macchina, deployando un RAT con C2 su blockchain Solana e un'estensione Chrome per il furto di sessioni. Analisi tecnica completa della campagna GlassWorm.

https://insicurezzadigitale.com/glassworm-il-worm-che-infetta-tutti-gli-ide-tramite-unestensione-openvsx-contraffatta/

mecambioaMac Apr 8

El malware GlassWorm ataca a los Mac con monederos de criptomonedas

#ciberseguridad #AppleSecurity #GlassWorm

https://mecambioamac.com/el-malware-glassworm-ataca-a-los-mac-con-monederos-de-criptomonedas/

El malware GlassWorm ataca a los Mac con monederos de criptomonedas

El malware "GlassWorm" está dirigido a desarrolladores de macOS con extensiones maliciosas para VSCode/OpenVSX para robo en monederos de criptomonedas

mecambioaMac
13Mar 30
ForceMemo: malware ukrywany w repozytoriach przez force-push https://sekurak.pl/forcememo-malware-ukrywany-w-repozytoriach-przez-force-push/ #Aktualnoci #Github #Glassworm #Malware
ForceMemo: malware ukrywany w repozytoriach przez force-push

Badacze bezpieczeństwa z StepSecurity odkryli nową kampanię malware, w której atakujący przejmuje masowo konta programistów na GitHub i wstrzykuje złośliwe oprogramowanie do setek repozytoriów. Pierwszą aktywność odnotowano 8 marca 2026 roku, ale według ustaleń badaczy kampania wciąż trwa i przejmowane są kolejne repozytoria. Kampania – nazwana przez badaczy ForceMemo –...

Sekurak