VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.

Socket has notified the Eclipse Foundation, which oversees the Open VSX marketplace, of the latest fraudulent additions, and Burckhardt expects that by now all 73 have been deleted.

GlassWorm, a known malware, has put 73 harmful extensions into OpenVSX's registry. Hackers use it to steal developers' crypto ...

Ahead of its April 29 fiscal Q3 earnings release, Microsoft has introduced a range of product updates and strategic changes.

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...

A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious ...