MalwareDark Reading
9.0 — CRITICAL
Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain
Attackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating malware.
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
Attackers are spreading self-propagating malware through Open VSX by distributing benign-looking VS Code extensions, targeting developers and potentially compromising software supply chains.
⚙️Technical Details
Affected Systems
Open VSX
Attack Vectors
VS Code extensions
💥Impact Assessment
Severity: critical
Who Is at Risk
Developers and organizations using Open VSX with vulnerable VS Code extensions
🛡️Recommended Actions
1Regularly update and patch VS Code extensions from trusted sources.
2Monitor Open VSX for suspicious activity and report any issues promptly.
3Implement strict access controls and review permissions for VS Code extensions.
📦Affected Products
VS Code
Read the full article
This is a curated summary. The complete article is available at Dark Reading.