Open VSX
Coverage of Open VSX in the Nexus archive.
- Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain
Attackers are distributing malicious VS Code extensions via Open VSX, exploiting supply chain vulnerabilities to spread self-propagating malware. The campaign involves seeding seemingly benign extensions that act as vectors for malware propagation.
- New Checkmarx supply-chain breach affects KICS analysis tool
Hackers compromised Docker images, VSCode, and Open VSX extensions for Checkmarx's KICS analysis tool to steal sensitive data from developer environments. The breach exploits the supply chain to harvest information from affected systems.
- GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
The GlassWorm campaign has evolved with a new Zig dropper designed to infect multiple developer IDEs. Researchers identified the threat in a malicious Open VSX extension named 'specstudio.code-wakatime-activity-tracker,' which disguises itself as the legitimate WakaTime tool.