criticalOther UnknownPublish anonymously
GlassWorm supply chain — 72 malicious VSCode extensions, 9 million installs
by Publish anonymously · 2 days agoviews 0en
PII protected
Personal information such as emails, phone numbers, IDs and access tokens are automatically masked before publication.
Supply chain campaign targeting developers via 72 malicious OpenVSX extensions and 151+ GitHub repositories. 9 million installs. 433 compromised components. Used invisible Unicode characters to encode payloads. Targeted crypto wallets, credentials, SSH keys. Extensions mimicked AI coding assistant tools.