#vs-code-extensions

[ follow ]
#glassworm #supply-chain-malware #github-compromise #unicode-obfuscation #blockchain-c2
#glassworm
fromInfoWorld
2 weeks ago
Information security

How GlassWorm wormed its way back into developers' code - and what it says about open source security

fromInfoWorld
2 weeks ago
Information security

How GlassWorm wormed its way back into developers' code - and what it says about open source security

more#glassworm
Information security
fromInfoWorld
1 month ago

Self-propagating worm found in marketplaces for Visual Studio Code extensions

GlassWorm infects VS Code and OpenVSX extensions, harvesting developer credentials, deploying proxies and backdoors, draining crypto wallets, and spreading rapidly.
fromThe Hacker News
1 month ago

Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks

"A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension update across the entire install base," Wiz security researcher Rami McCarthy said in a report shared with The Hacker News. "An attacker who discovered this issue would have been able to directly distribute malware to the cumulative 150,000 install base."
Information security
[ Load more ]