GlassWorm supply-chain attack hits 72 VS Code extensions and 151 GitHub repos
by Artem Safonov
A supply-chain operation planted 72 malicious VS Code extensions on Open VSX using transitive dependencies that bypass initial review. The same GlassWorm threat actor injected Unicode payloads into 151 GitHub repos with LLM-generated cover commits.
Read more →