Skip to content
The Nexus
DossierENTITY

GlassWorm

Coverage of GlassWorm in the Nexus archive.

Earliest in view: Apr 10 · 13:23 UTCMost recent: May 27 · 11:48 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 27 · 11:48 UTCTHE HACKER NEWS
    GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

    CrowdStrike, Google, and the Shadowserver Foundation disrupted all command-and-control channels of GlassWorm, a malware campaign targeting software developers via malicious packages and extensions since early 2025. The takedown disrupted a persistent supply chain attack infrastructure.

  • SECURITYApr 28 · 14:59 UTCDARK READING
    Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain

    Attackers are distributing malicious VS Code extensions via Open VSX, exploiting supply chain vulnerabilities to spread self-propagating malware. The campaign involves seeding seemingly benign extensions that act as vectors for malware propagation.

  • SECURITYApr 27 · 11:23 UTCTHE HACKER NEWS
    Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

    Cybersecurity researchers discovered 73 fake Microsoft Visual Studio Code extensions on the Open VSX repository linked to the GlassWorm v2 malware campaign. The malicious extensions, cloned from legitimate ones, include six confirmed to deliver malware.

  • SECURITYApr 10 · 13:23 UTCTHE HACKER NEWS
    GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

    The GlassWorm campaign has evolved with a new Zig dropper designed to infect multiple developer IDEs. Researchers identified the threat in a malicious Open VSX extension named 'specstudio.code-wakatime-activity-tracker,' which disguises itself as the legitimate WakaTime tool.