VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.

Attackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating ...

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has ...

GlassWorm, a known malware, has put 73 harmful extensions into OpenVSX's registry. Hackers use it to steal developers' crypto ...

A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious ...

Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX ...

Socket’s acquisition of Secure Annex extends software supply-chain security beyond open-source dependencies into browser and ...

It's frustrating to know there's a massive library of high-quality cinema available that you simply can't see because it ...

Gemini CLI CVSS 10.0 flaw in versions below 0.39.1 enabled RCE in CI workflows, forcing Google to mandate explicit workspace ...

The unpredictable nature of GNOME extensions, lacking a standard rulebook, often leads to instability and crashes.

Business and enterprise users can now connect their own API keys to use LLMs via OpenRouter, Ollama, Google, OpenAI, and more ...

Four SAP NPM packages compromised in the Mini Shai-Hulud supply chain attack trigger a Bun runtime to install an information ...