#open-vsx

[ follow ]
#malware #glassworm #cybersecurity #malicious-extensions #supply-chain-attacks #fraudulent-extensions
#malware
fromInfoWorld
3 days ago
Information security

More fake extensions linked to GlassWorm found in Open VSX code marketplace

73 new fraudulent extensions have been added to the Open VSX marketplace, continuing supply chain attacks that download GlassWorm malware.
fromThe Hacker News
5 months ago
Information security

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive

A malicious Open VSX extension (juan-bianco.solidity-vlang) contains a SleepyDuck remote access trojan that uses Ethereum contracts for resilient command-and-control and exfiltrates system data.
Information security
fromInfoWorld
3 days ago

More fake extensions linked to GlassWorm found in Open VSX code marketplace

73 new fraudulent extensions have been added to the Open VSX marketplace, continuing supply chain attacks that download GlassWorm malware.
more#malware
Information security
fromSecurityWeek
3 days ago

Dozens of Open VSX Extension Clones Linked to GlassWorm Malware

Over 70 extensions in the Open VSX marketplace are likely linked to GlassWorm malware, designed to steal sensitive information and deploy malware.
fromThe Hacker News
1 month ago

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

"The pipeline had a single boolean return value that meant both 'no scanners are configured' and 'all scanners failed to run,'... So when scanners failed under load, Open VSX treated it as 'nothing to scan for' and waved the extension right through."
Information security
Information security
fromThe Hacker News
2 months ago

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

The Eclipse Foundation will require pre-publish security checks on Open VSX Registry VS Code extensions to proactively prevent malicious or compromised extensions.
fromThe Hacker News
2 months ago

Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

On January 30, 2026, four established Open VSX extensions published by the oorzc author had malicious versions published to Open VSX that embed the GlassWorm malware loader, These extensions had previously been presented as legitimate developer utilities (some first published more than two years ago) and collectively accumulated over 22,000 Open VSX downloads prior to the malicious releases.
Information security
Information security
fromThe Hacker News
3 months ago

VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX

AI-powered VS Code forks recommend non-existent Open VSX extensions, enabling attackers to register those namespaces and publish malicious packages that compromise developers.
[ Load more ]