Search results for vs-code-git-extension | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks. The sophisticated threat, codenamed GlassWorm by Koi Security, is the second such supply chain attack to hit the DevOps space within a span of a month after the Shai-Hulud worm that targeted the npm ecosystem in mid-September 2025. What makes the attack stand out is the use of the Solana blockchain for command-and-control (C2), making the infrastructure resilient to takedown efforts. It also uses Google Calendar as a C2 fallback mechanism. Another novel aspect is that the GlassWorm campaign relies on "invisible Unicode characters that make malicious code literally disappear from code editors," Idan Dardikman said in a technical report. "The attacker used Unicode variation selectors – special characters that are...

Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code (VS Code) ecosystem. The extensions in question , which are still available for download, are listed below - ai-driven-dev.ai-driven-dev (3,402 downloads) adhamu.history-in-sublime-merge (4,057 downloads) yasuyuky.transient-emacs (2,431 downloads) GlassWorm, first documented by Koi Security late last month, refers to a campaign in which threat actors leverage VS Code extensions on the Open VSX Registry and the Microsoft Extension Marketplace to harvest Open VSX, GitHub, and Git credentials, drain funds from 49 different cryptocurrency wallet extensions, and drop additional tools for remote access. What makes the malware notable is that it uses invisible Unicode characters to hide malicious code in code editors and abuses the pilfered credentials to compromise additional extens...

The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue. GlassWorm was first documented in October 2025, detailing its use of the Solana blockchain for command-and-control (C2) and harvest npm, Open VSX, GitHub, and Git credentials, drain cryptocurrency assets from dozens of wallets, and turn developer machines into attacker-controlled nodes for other criminal activities. The most crucial aspect of the campaign is the abuse of the stolen credentials to compromise additional packages and extensions, thereby spreading the malware like a worm. Despite continued efforts of Microsoft and Open VSX, the malware resurfaced a second time last month, and the attackers were observed targeting GitHub repositories. The latest wave of the GlassWorm campaign, spotted by Secure Annex's Jo...

This week's cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing over privacy and control. And researchers keep uncovering just how much of our digital life is still wide open. The new Threatsday Bulletin brings it all together—big hacks, quiet exploits, bold arrests, and smart discoveries that explain where cyber threats are headed next. It's your quick, plain-spoken look at the week's biggest security moves before they become tomorrow's headlines.