GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

📅 10 April 2026 at 13:23 UTC📰 The Hacker NewsView original source ↗

Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine. The technique has been discovered in an Open VSX extension named "specstudio.code-wakatime-activity-tracker," which masquerades as WakaTime, a

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

The GlassWorm campaign has evolved to use a Zig dropper in an Open VSX extension to infect multiple developer IDEs, compromising the security of developers' machines. This new technique highlights the ongoing threat of targeted attacks on software development environments.

⚙️Technical Details

Affected Systems

Integrated Development Environments (IDEs)

Attack Vectors

Open VSX extensionSpecStudio Code-Wakatime Activity Tracker

💥Impact Assessment

Severity: H

Who Is at Risk

Developers using affected IDEs and extensions

🛡️Recommended Actions

1Regularly update and patch software development tools

2Use antivirus software to monitor for suspicious activity

3Implement strict access controls for developer accounts

📦Affected Products

SpecStudio Code-Wakatime Activity TrackerWakaTime

Read the full article

This is a curated summary. The complete article is available at The Hacker News.

Read on The Hacker News ↗

← Back to feed