Glassworm Campaign is a threat campaign tracked across 7 threat clusters and 11 intelligence report mentions on ThreatCluster. First observed November 8, 2025; most recent activity May 27, 2026.
A resurgence of the GlassWorm malware campaign has been identified, targeting the OpenVSX ecosystem with 73 'sleeper' extensions that become malicious after updates. Six of these extensions have already been activated…
The Glassworm botnet, which has targeted software developers since early 2025, was taken down in a coordinated operation by CrowdStrike, Google, and the Shadowserver Foundation on May 26, 2026. This botnet utilized…
The ForceMemo campaign, attributed to the GlassWorm threat actor, is actively targeting the Python open-source ecosystem by exploiting stolen GitHub tokens to inject obfuscated malware into numerous repositories. The…
The GlassWorm malware campaign has intensified its operations by utilizing 72 newly identified malicious Open VSX extensions. These extensions exploit transitive dependencies within developer environments, allowing the…
A newly discovered vulnerability, CVE-2026-6770, allows attackers to fingerprint users of Firefox and Tor browsers, even in Private Browsing mode. The flaw, identified in the IndexedDB API, enables the creation of a…
The Open VSX registry faced a supply chain attack after access tokens were leaked, allowing threat actors to publish malicious extensions. The GlassWorm malware campaign has returned with new extensions targeting…
GlassWorm malware has reappeared on the Open VSX registry and in GitHub repositories, infecting three additional VS Code extensions. This resurgence follows its removal from the official marketplace, as reported by Koi…