Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors compromised a legitimate developer’s resources to push malicious updates to downstream users.”On January 30, 2026, four established Open VSX extensions published by the oorzc author had malicious versions published to Open VSX that embed the GlassWorm
First seen on thehackernews.com
Jump to article: thehackernews.com/2026/02/open-vsx-supply-chain-attack-used.html
