A large-scale malicious campaign tied to GlassWorm has expanded within the ecosystem of open VSX extensions, introducing a method of spreading malware through developer tools. Researchers identified at least 72 additional malicious open VSX extensions beginning January 31, 2026, including several that function as transitive GlassWorm loader extensions aimed at developers.
First seen on thecyberexpress.com
Jump to article: thecyberexpress.com/glassworm-malicious-campaign/
