OpenVSX is a organization tracked across 25 threat clusters and 35 intelligence report mentions on ThreatCluster. First observed November 8, 2025; most recent activity July 8, 2026.
On March 24, 2026, two versions of the LiteLLM Python package (1.82.7 and 1.82.8) were compromised on PyPI, embedding credential-stealing payloads. The attack, linked to the TeamPCP threat actor, exploited a…
A malicious version of the Bitwarden CLI password manager was distributed via npm, affecting version 2026.4.0 for a brief window on April 22, 2026. The attack exploited a compromised GitHub Action in Bitwarden's CI/CD…
Checkmarx reported a malicious version of its Jenkins AST plugin was uploaded to the Jenkins Marketplace on May 9, 2026. This backdoored plugin, which affects security scans in Jenkins CI pipelines, poses a significant…
A critical supply chain vulnerability in Claude Code’s GitHub Actions, identified by security researcher Ryota K from GMO Flat Security, allows attackers to compromise any repository using Anthropic’s CI/CD workflow.…
A resurgence of the GlassWorm malware campaign has been identified, targeting the OpenVSX ecosystem with 73 'sleeper' extensions that become malicious after updates. Six of these extensions have already been activated…
On March 24, 2026, two malicious versions of the LiteLLM Python package (1.82.7 and 1.82.8) were published on PyPI, containing credential-stealing malware. The attack, attributed to the TeamPCP threat group, exploited…
The Glassworm botnet, which has targeted software developers since early 2025, was taken down in a coordinated operation by CrowdStrike, Google, and the Shadowserver Foundation on May 26, 2026. This botnet utilized…
A new supply chain attack, dubbed 'Mini Shai-Hulud', has compromised multiple npm packages related to SAP's Cloud Application Programming Model (CAP). This attack involves injecting malicious preinstall scripts into…
A supply chain attack targeting the Trivy open source scanner has infected over 1,000 cloud environments with secret-stealing malware. The attack, which occurred last week, has been attributed to a group called TeamPCP,…
In late March 2026, the Vect ransomware group partnered with TeamPCP, a credential theft specialist, to enhance their cybercriminal operations. This collaboration aims to leverage TeamPCP's extensive credential…