#glassworm — Public Fediverse posts

#GlassWorm #malware attacks return via 73 #OpenVSX "sleeper" extensions

https://www.bleepingcomputer.com/news/security/glassworm-malware-attacks-return-via-73-openvsx-sleeper-extensions/

#cybersecurity

GlassWorm muta ancora: 73 estensioni “sleeper” su Open VSX pronte a svegliarsi come malware

https://insicurezzadigitale.com/glassworm-muta-ancora-73-estensioni-sleeper-su-open-vsx-pronte-a-svegliarsi-come-malware/

GlassWorm goes native: New Zig dropper infects every IDE on your machine
#GlassWorm
https://www.aikido.dev/blog/glassworm-zig-dropper-infects-every-ide-on-your-machine

GlassWorm: il worm che infetta tutti gli IDE tramite un’estensione OpenVSX contraffatta

https://insicurezzadigitale.com/glassworm-il-worm-che-infetta-tutti-gli-ide-tramite-unestensione-openvsx-contraffatta/

ForceMemo: malware ukrywany w repozytoriach przez force-push

Badacze bezpieczeństwa z StepSecurity odkryli nową kampanię malware, w której atakujący przejmuje masowo konta programistów na GitHub i wstrzykuje złośliwe oprogramowanie do setek repozytoriów. Pierwszą aktywność odnotowano 8 marca 2026 roku, ale według ustaleń badaczy kampania wciąż trwa i przejmowane są kolejne repozytoria. Kampania – nazwana przez badaczy ForceMemo –...

#Aktualności #Github #Glassworm #Malware

https://sekurak.pl/forcememo-malware-ukrywany-w-repozytoriach-przez-force-push/

The most interesting supply chain attack I've ever seen: #trivy

The attack is really bizarre. I learned a lot about GitHub Actions and how the attack was performed.

- https://www.aquasec.com/blog/trivy-supply-chain-attack-what-you-need-to-know/
- https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation
- https://ramimac.me/trivy-teampcp/#timeline
- https://snyk.io/articles/trivy-github-actions-supply-chain-compromise/

#cybersecurity #supplychain #github #glassworm #githubactions #attack #TeamPCP #c2

Der "#Glassworm" treibt immer mehr Unwesen - inside-it.ch https://www.inside-it.ch/der-glassworm-treibt-immer-mehr-unwesen-20260318 #Malware

#GlassWorm #malware hits 400+ code repos on #GitHub, #npm, #VSCode, #OpenVSX

https://www.bleepingcomputer.com/news/security/glassworm-malware-hits-400-plus-code-repos-on-github-npm-vscode-openvsx/

#cybersecurity

Tiens, plot twist ! le bouzin pivote vers windows

"On March 16, a new Solana memo appeared on the published #GlassWorm wallet (28PKnu, documented by Truesec in October 2025) at 11:42 UTC with a kill-switch toggle set to OFF and a live payload URL. The campaign had reactivated. The payload was not the macOS stealer from Parts 1 and 2. It was a 202KB JavaScript file targeting Windows, bundling native DLLs, a Chrome browser extension disguised as "Google Docs Offline", a DPAPI credential dumper, and exfiltration to a previously unseen server."
👇
https://codeberg.org/tip-o-deincognito/glassworm-writeup/src/branch/main/PART3.md

https://winbuzzer.com/2026/03/16/glassworm-invisible-unicode-supply-chain-attack-github-npm-vscode-xcxwbn/

Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

#GitHub #Cybersecurity #Malware #VSCode #npm #OpenSource #Developers #SoftwareDevelopment #Cybercrime #Hackers #SecurityVulnerabilities #Microsoft #Software #BigTech #VSCodeExtension #GlassWorm #OpenVSX

Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Hundreds of Repositories
#GlassWorm
https://www.aikido.dev/blog/glassworm-returns-unicode-attack-github-npm-vscode

🚨 Oh no! The dreaded #Glassworm is back, like a transparent hacker on a mission to confuse developers with invisible #Unicode attacks. With 150 #GitHub repositories compromised, the solution is a dizzying list of acronyms and jargon that promises to protect your code, but only if you squint hard enough to see it! 🐛🔍 #SecurityTheater
https://www.aikido.dev/blog/glassworm-returns-unicode-attack-github-npm-vscode #InvisibleAttacks #SecurityThreat #DeveloperConfusion #HackerNews #ngated

Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Repositories

https://www.aikido.dev/blog/glassworm-returns-unicode-attack-github-npm-vscode

#HackerNews #Glassworm #Invisible #Unicode #Attacks #Cybersecurity #GitHub #Repositories

When I say "IT mostly just runs in circles" I mean it: https://arstechnica.com/security/2026/03/supply-chain-attack-using-invisible-code-hits-github-and-other-repositories/

This article from 2026 describes something I've been fighting with ~17 years ago. Sure, slightly more clever payload and different delivery method, but in principle nothing new: https://github.com/MichalBryxi/Apache-fork-hack-finder-cleaner/tree/master

#Glassworm #Unicode #InvisibleCharacters #Whitespace #Hack

RE: https://infosec.exchange/@_r_netsec/116220859869337905

Waah, joli boulot.
Je me demande qui en est l’auteur.

lecture technique très intéressante.
Une analyse statique complétée par du monitoring comportementale réseau qui plonge dans les entrailles du ver infostealer macOS injecté dans un plugin VS Code lors de la campagne Glassworm v2.. 👀

C’est balaise et résilient, avec une belle répartition des tâches de vol entre AppleScript et Node.js. :amaze:

Les échantillons déobfusqués ont aussi été mis à disposition sur #malwarebazaar

https://bazaar.abuse.ch/sample/d72c1c75958ad7c68ef2fb2480fa9ebe185e457f3b62047b31565857fa06a51a/

#CyberVeille #MacSecurity #macOS #Malware #ThreatIntel #Glassworm
👇

Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack https://www.securityweek.com/open-vsx-publisher-account-hijacked-in-fresh-glassworm-attack/ #SupplyChainSecurity #Malware&Threats #Macmalware #GlassWorm #malware

Glassworm malware is now coming for Macs
#GlassWorm
https://moonlock.com/self-replicating-glassworm-infecting-macs

#GlassWorm Malware Abuses Open Source Open VSX To Target #macOS Developers

https://www.opensourceforu.com/2026/01/glassworm-malware-abuses-open-source-open-vsx-to-target-macos-developers/

GlassWorm has resurfaced with 24 malicious extensions posing as popular developer tools across Visual Studio Marketplace and Open VSX. The campaign uses Rust implants, Solana-based C2, and inflated download stats to slip harmful updates into trusted environments.

This wave shows how supply-chain attacks continue evolving by blending seamlessly into developer workflows.

What protections do you think dev ecosystems should prioritize next?

Follow us for consistent, unbiased cybersecurity coverage.

#infosec #glassworm #supplychainsecurity #devsecops #vscode #openvsx #malware #threatintel #securityresearch #technadu

Glassworm's resurgence
#GlassWorm
https://secureannex.com/blog/glassworm-continued/

Unsichtbarer Wurm in Visual Studio Extensions: #GlassWorm lebt | Developer https://www.heise.de/news/Schadsoftware-weiter-aktiv-GlassWorm-erneut-in-Open-VSX-Paketen-gefunden-11073146.html #Malware

GlassWorm Returns: New Wave Strikes as We Expose Attacker Infrastructure
#GlassWorm
https://www.koi.ai/blog/glassworm-returns-new-wave-openvsx-malware-expose-attacker-infrastructure

GlassWorm Malware Returns to Open VSX, Emerges on GitHub https://www.securityweek.com/glassworm-malware-returns-to-open-vsx-emerges-on-github/ #ApplicationSecurity #GlassWorm #malware #OpenVSX #VSCode

GlassWorm malware is evolving—using invisible code tricks to sneak into GitHub, NPM, and beyond. Could your favorite dev tools be next in its global pursuit? Read more to find out.

https://thedefendopsdiaries.com/glassworm-malware-campaign-expands-new-platforms-sophisticated-obfuscation-and-global-impact/

#glassworm
#malwarecampaign
#cybersecurity
#obfuscation
#vscodeextensions

GlassWorm malware is evolving—using invisible code tricks to sneak into GitHub, NPM, and beyond. Could your favorite dev tools be next in its global pursuit? Read more to find out.

https://thedefendopsdiaries.com/glassworm-malware-campaign-expands-new-platforms-sophisticated-obfuscation-and-global-impact/

#glassworm
#malwarecampaign
#cybersecurity
#obfuscation
#vscodeextensions

GlassWorm malware is evolving—using invisible code tricks to sneak into GitHub, NPM, and beyond. Could your favorite dev tools be next in its global pursuit? Read more to find out.

https://thedefendopsdiaries.com/glassworm-malware-campaign-expands-new-platforms-sophisticated-obfuscation-and-global-impact/

#glassworm
#malwarecampaign
#cybersecurity
#obfuscation
#vscodeextensions

GlassWorm malware is evolving—using invisible code tricks to sneak into GitHub, NPM, and beyond. Could your favorite dev tools be next in its global pursuit? Read more to find out.

https://thedefendopsdiaries.com/glassworm-malware-campaign-expands-new-platforms-sophisticated-obfuscation-and-global-impact/

#glassworm
#malwarecampaign
#cybersecurity
#obfuscation
#vscodeextensions

GlassWorm is turning trusted VS Code extensions into stealthy attack vectors—using invisible Unicode tricks and blockchain commands to self-propagate. Could your code be next?

https://thedefendopsdiaries.com/glassworm-how-a-self-propagating-malware-exploits-vs-code-extensions-and-decentralized-technologies/

#glassworm
#vscode
#supplychainsecurity
#malware
#blockchainsecurity

GlassWorm is turning trusted VS Code extensions into stealthy attack vectors—using invisible Unicode tricks and blockchain commands to self-propagate. Could your code be next?

https://thedefendopsdiaries.com/glassworm-how-a-self-propagating-malware-exploits-vs-code-extensions-and-decentralized-technologies/

#glassworm
#vscode
#supplychainsecurity
#malware
#blockchainsecurity

GlassWorm is turning trusted VS Code extensions into stealthy attack vectors—using invisible Unicode tricks and blockchain commands to self-propagate. Could your code be next?

https://thedefendopsdiaries.com/glassworm-how-a-self-propagating-malware-exploits-vs-code-extensions-and-decentralized-technologies/

#glassworm
#vscode
#supplychainsecurity
#malware
#blockchainsecurity

GlassWorm is turning trusted VS Code extensions into stealthy attack vectors—using invisible Unicode tricks and blockchain commands to self-propagate. Could your code be next?

https://thedefendopsdiaries.com/glassworm-how-a-self-propagating-malware-exploits-vs-code-extensions-and-decentralized-technologies/

#glassworm
#vscode
#supplychainsecurity
#malware
#blockchainsecurity

GlassWorm – nowy, “niewidzialny” atak na łańcuch dostaw

W połowie września pisaliśmy o ataku na łańcuch dostaw – Shai-Hulud – który zresztą nie był jedynym w środowisku npm. Dziś mamy do czynienia z kolejną kampanią typu supply chain attack. TLDR: GlassWorm, bo o nim mowa, nie jest typowym atakiem na łańcuch dostaw. Wykorzystuje on bowiem niewidoczne znaki Unicode....

#WBiegu #Atak #Glassworm #Malware #SupplyChain

https://sekurak.pl/glassworm-nowy-niewidzialny-atak-na-lancuch-dostaw/

#OpenVSX: #EclipseFoundation @EclipseFdn zieht Konsequenzen aus #GlassWorm-Attacke | Developer https://www.heise.de/news/Open-VSX-Eclipse-Foundation-zieht-Konsequenzen-aus-GlassWorm-Attacke-10965423.html #VisualStudio

Open VSX Downplays Impact From GlassWorm Campaign https://www.securityweek.com/open-vsx-downplays-impact-from-glassworm-campaign/ #Malware&Threats #infostealer #GlassWorm #malware #OpenVSX

The DevOps space is under siege.
GlassWorm, a self-propagating worm in VS Code extensions, uses Solana blockchain for C2, invisible Unicode for stealth, and targets developer credentials, crypto wallets, and Git repositories. Auto-updating extensions make the threat persistent.
💬 InfoSec pros: how should organizations defend against this evolving supply chain risk?
🔁 Share & follow TechNadu for expert analysis on emerging malware and blockchain-enabled attacks.

#GlassWorm #VSCode #SupplyChainAttack #DevSecOps #BlockchainSecurity #Malware #InfoSec #DeveloperSecurity #CyberThreats #TechNews

The DevOps space is under siege.
GlassWorm, a self-propagating worm in VS Code extensions, uses Solana blockchain for C2, invisible Unicode for stealth, and targets developer credentials, crypto wallets, and Git repositories. Auto-updating extensions make the threat persistent.
💬 InfoSec pros: how should organizations defend against this evolving supply chain risk?
🔁 Share & follow TechNadu for expert analysis on emerging malware and blockchain-enabled attacks.

#GlassWorm #VSCode #SupplyChainAttack #DevSecOps #BlockchainSecurity #Malware #InfoSec #DeveloperSecurity #CyberThreats #TechNews

The DevOps space is under siege.
GlassWorm, a self-propagating worm in VS Code extensions, uses Solana blockchain for C2, invisible Unicode for stealth, and targets developer credentials, crypto wallets, and Git repositories. Auto-updating extensions make the threat persistent.
💬 InfoSec pros: how should organizations defend against this evolving supply chain risk?
🔁 Share & follow TechNadu for expert analysis on emerging malware and blockchain-enabled attacks.

#GlassWorm #VSCode #SupplyChainAttack #DevSecOps #BlockchainSecurity #Malware #InfoSec #DeveloperSecurity #CyberThreats #TechNews

The DevOps space is under siege.
GlassWorm, a self-propagating worm in VS Code extensions, uses Solana blockchain for C2, invisible Unicode for stealth, and targets developer credentials, crypto wallets, and Git repositories. Auto-updating extensions make the threat persistent.
💬 InfoSec pros: how should organizations defend against this evolving supply chain risk?
🔁 Share & follow TechNadu for expert analysis on emerging malware and blockchain-enabled attacks.

#GlassWorm #VSCode #SupplyChainAttack #DevSecOps #BlockchainSecurity #Malware #InfoSec #DeveloperSecurity #CyberThreats #TechNews

The DevOps space is under siege.
GlassWorm, a self-propagating worm in VS Code extensions, uses Solana blockchain for C2, invisible Unicode for stealth, and targets developer credentials, crypto wallets, and Git repositories. Auto-updating extensions make the threat persistent.
💬 InfoSec pros: how should organizations defend against this evolving supply chain risk?
🔁 Share & follow TechNadu for expert analysis on emerging malware and blockchain-enabled attacks.

#GlassWorm #VSCode #SupplyChainAttack #DevSecOps #BlockchainSecurity #Malware #InfoSec #DeveloperSecurity #CyberThreats #TechNews

This Week in Security: Court Orders, GlassWorm, TARmageddon, and It was DNS https://hackaday.com/2025/10/24/this-week-in-security-court-orders-glassworm-tarmageddon-and-it-was-dns/ #ThisWeekinSecurity #HackadayColumns #SecurityHacks #GlassWorm #ItWasDNS #CVSS

This Week in Security: Court Orders, GlassWorm, TARmageddon, and It was DNS https://hackaday.com/2025/10/24/this-week-in-security-court-orders-glassworm-tarmageddon-and-it-was-dns/ #ThisWeekinSecurity #HackadayColumns #SecurityHacks #GlassWorm #ItWasDNS #CVSS

This Week in Security: Court Orders, GlassWorm, TARmageddon, and It was DNS https://hackaday.com/2025/10/24/this-week-in-security-court-orders-glassworm-tarmageddon-and-it-was-dns/ #ThisWeekinSecurity #HackadayColumns #SecurityHacks #GlassWorm #ItWasDNS #CVSS

This Week in Security: Court Orders, GlassWorm, TARmageddon, and It was DNS https://hackaday.com/2025/10/24/this-week-in-security-court-orders-glassworm-tarmageddon-and-it-was-dns/ #ThisWeekinSecurity #HackadayColumns #SecurityHacks #GlassWorm #ItWasDNS #CVSS

This Week in Security: Court Orders, GlassWorm, TARmageddon, and It was DNS - This week, a US federal court has ruled that NSO Group is no longer allowed to use... - https://hackaday.com/2025/10/24/this-week-in-security-court-orders-glassworm-tarmageddon-and-it-was-dns/ #thisweekinsecurity #hackadaycolumns #securityhacks #glassworm #itwasdns #cvss

This Week in Security: Court Orders, GlassWorm, TARmageddon, and It was DNS - This week, a US federal court has ruled that NSO Group is no longer allowed to use... - https://hackaday.com/2025/10/24/this-week-in-security-court-orders-glassworm-tarmageddon-and-it-was-dns/ #thisweekinsecurity #hackadaycolumns #securityhacks #glassworm #itwasdns #cvss

This Week in Security: Court Orders, GlassWorm, TARmageddon, and It was DNS - This week, a US federal court has ruled that NSO Group is no longer allowed to use... - https://hackaday.com/2025/10/24/this-week-in-security-court-orders-glassworm-tarmageddon-and-it-was-dns/ #thisweekinsecurity #hackadaycolumns #securityhacks #glassworm #itwasdns #cvss

This Week in Security: Court Orders, GlassWorm, TARmageddon, and It was DNS - This week, a US federal court has ruled that NSO Group is no longer allowed to use... - https://hackaday.com/2025/10/24/this-week-in-security-court-orders-glassworm-tarmageddon-and-it-was-dns/ #thisweekinsecurity #hackadaycolumns #securityhacks #glassworm #itwasdns #cvss

This Week in Security: Court Orders, GlassWorm, TARmageddon, and It was DNS - This week, a US federal court has ruled that NSO Group is no longer allowed to use... - https://hackaday.com/2025/10/24/this-week-in-security-court-orders-glassworm-tarmageddon-and-it-was-dns/ #thisweekinsecurity #hackadaycolumns #securityhacks #glassworm #itwasdns #cvss

GlassWorm Malware Targets Developers Through OpenVSX Marketplace https://hackread.com/glassworm-malware-developers-openvsx-marketplace/ #Cybersecurity #VisualStudio #Marketplace #Blockchain #GlassWorm #Security #Malware #OpenVSX #Solana

🚨 First-ever self-propagating #GlassWorm malware is targeting developers via the #OpenVSX marketplace, hijacking VSCode extensions, stealing credentials and using the #Solana blockchain for control. 🔐

Read: https://hackread.com/glassworm-malware-developers-openvsx-marketplace/

#Cybersecurity #SupplyChainAttack #Malware #VSCode #Malware