GlassWorm Malware Resurfaces in Open VSX Extensions Following Token Leak

GlassWorm Malware Resurfaces in Open VSX Extensions Following Token Leak

First seen 1 Dec 2025, 20:43 UTC BleepingcomputerGbhackersCyberpressCybersecuritynewsThehackernews+5 69% similarity 30.3

Article Content

Browse articles
ThreatCluster

The Open VSX registry faced a supply chain attack after access tokens were leaked, allowing threat actors to publish malicious extensions. The GlassWorm malware campaign has returned with new extensions targeting developers' credentials and cryptocurrency wallets, leveraging obfuscation techniques to evade detection. Over 10,000 downloads of the new malicious extensions have been reported.

ThreatCluster AI

Community

Browse all →