InfoWorld

How GlassWorm wormed its way back into developers’ code — and what it says about open source security

Weeks after being declared eradicated, GlassWorm is again infesting open source extensions using the same invisible Unicode ...

Malware Still Active: GlassWorm Found Again in Open-VSX Packages

Further instances of the malware, which steals credentials and cryptocurrency, have appeared on Open VSX and aim to establish ...
Cryptopolitan on MSN

3 VS Code extensions stealing credentials for GitHub, VSX, and crypto wallets

Developers will have to contend with a dormant turned active malicious code on Visual Studio Code (VS Code) extensions, which ...

Gootloader malware is back with new tricks after 7-month break

The Gootloader malware loader operation has returned after a 7-month absence and is once again performing SEO poisoning to ...
The Hacker News

GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs

Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code ...

GlassWorm malware returns on OpenVSX with 3 new VSCode extensions

The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with ...

Gootloader malware returns with fake NDA scam - here's what we know

The Gootloader malware scam, which was thought to have been disrupted and shut down in March 2025, has returned with both old ...

An incredibly popular JavaScript library might have some worrying malware issues

A widely-adopted JavaScript library has been found carrying a critical vulnerability which could allow threat actors to ...