#openvsx — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #openvsx, aggregated by home.social.
-
The #EclipseFdn has launched the Open VSX Security Researcher Recognition Program, creating a clear pathway for responsible vulnerability disclosure in a growing extension ecosystem.
Read the announcement and learn how to participate: https://newsroom.eclipse.org/news/announcements/eclipse-foundation-launches-open-vsx-security-researcher-recognition-program
-
WinDev Helper VS Code extension v3.0.0 (more enhancements for the official WinUI dotnet new templates)
https://marketplace.visualstudio.com/items?itemName=alvinashcraft.windev-helper
#windowsdev #winui #vscode #openvsx #windowsappsdk #dotnet #csharp #xaml
-
🕵🏻‍♂️ [InfoSec MASHUP] - This week's news cycle handed us the usual parade of breaches, arrests, and patch-your-stuff urgency — but if you squint at the #Malware section long enough, a more uncomfortable story emerges. #SAP-related npm packages backdoored with a credential stealer. A popular #PyPI package hijacked via a forged signed release pushed through a compromised GitHub Actions workflow. Seventy-three "sleeper" extensions quietly sitting in #OpenVSX, waiting. The common thread: attackers aren't breaking down the front door anymore. They're walking in through the tools developers use every day, often with a valid signature and a clean commit history.
What makes this particularly fun — in the way a slow-motion disaster is fun — is that the blast radius isn't just the developer who ran pip install. It's every downstream user, every CI/CD pipeline, every AI coding agent that helpfully executed the preinstall hook without asking questions. The supply chain isn't a niche threat vector reserved for nation-state ops anymore. It's where commodity attackers are increasingly playing, because it scales beautifully and the detection gap remains embarrassingly wide.
→ Week #18/2026 also covers: Supply chain attackers found the path of least resistance, #OpenSSH patched a bug older than most junior devs, and #Europe is done pretending U.S. #cloud is a neutral choice.
Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-18-2026-shinyhunters-week-off-they-didn-t-take-one
If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel #AI
-
GlassWorm Malware Resurfaces Through 73 OpenVSX Extensions
Researchers at Socket have uncovered a sneaky new wave of GlassWorm malware, this time hiding in 73 OpenVSX extensions that behave like sleepers - seemingly harmless at first, but turning malicious after a stealthy update. Six of these extensions have already been activated, unleashing malware on unsuspecting developers.
#GlasswormMalware #Openvsx #MalwareOperations #EmergingThreats #ApplicationSecurity
-
Researchers Expose 73 Fake VS Code Extensions Spreading GlassWorm v2 Malware
Malicious VS Code extensions are putting developers at risk, with 73 fake extensions discovered spreading GlassWorm v2 malware, allowing attackers to stealthily retrieve and execute payloads after activation. These extensions act as loaders, using obfuscated JavaScript to achieve the same malicious…
#MalwareOperations #GlasswormV2 #VsCodeExtensions #OpenVsx #InformationstealingCampaign
-
GlassWorm mutates again: 73 “sleeper” extensions on Open VSX ready to wake up as malware
The GlassWorm campaign returns with 73 new dormant extensions on the Open VSX marketplace. Socket has detected new malware activations from extensions that had appeared harmless for weeks: a worrying escalation for the entire software development pipeline.
-
Bugs without bounty: #EclipseFoundation launches security program for #OpenVSX | Developer https://www.heise.de/news/Bugs-ohne-Bounty-Eclipse-Foundation-startet-Sicherheitsprogramm-fuer-Open-VSX-11257225.html @EclipseFdn
-
The Open VSX Registry continues to grow as shared infrastructure for modern developer platforms.
DevOps.com covers how the Eclipse Foundation is expanding the reach of this vendor-neutral extension marketplace and strengthening its reliability and security.
Read the article:
https://devops.com/eclipse-foundation-extends-scope-and-reach-of-open-vsx-registry/
#OpenSource #DevTools #OpenVSX
-
Glassworm Hides Malware in Invisible Unicode Across 151+ Repos
#GitHub #Cybersecurity #Malware #VSCode #npm #OpenSource #Developers #SoftwareDevelopment #Cybercrime #Hackers #SecurityVulnerabilities #Microsoft #Software #BigTech #VSCodeExtension #GlassWorm #OpenVSX
-
Open VSX continues to grow as a trusted infrastructure for modern developer tools.
The Register covers how new industry investment, including support from AWS, is helping strengthen the reliability and sustainability of the vendor-neutral extension registry operated by the Eclipse Foundation.
Read the article:
https://www.theregister.com/2026/03/03/open_vsx_aws/