Glassworm Malware Campaign Targets Developers via npm, PyPI, OpenVSX, and GitHub
By @infosec.skyfleet.blue
Summary
Glassworm is a dangerous malware campaign targeting software developers by abusing trusted platforms including npm, PyPI, OpenVSX, and GitHub. First surfacing in October 2025, the campaign spread through malicious Visual Studio Code and OpenVSX extensions on developer marketplaces, infecting approximately 35,800 developers in its first wave. The malware enables data theft, credential harvesting, and persistent system access by turning routine development workflows into attack entry points.
Key quotes
A dangerous malware campaign known as Glassworm has been spreading through the tools that software developers trust most every day.
By abusing popular platforms like npm, PyPI, OpenVSX, and GitHub, the attackers have turned routine development workflows into entry points for data theft, credential harvesting, and persistent system access.
In the first wave alone, roughly 35,800 developers were reportedly infected.
