GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
GitHub

VSCode Extension Example - using the 'dummymsg_async' library

A tiny in-memory async messaging library, paired with a VS Code extension that detects common misuse at edit time. This project exists as a demo: the library is intentionally useless so the focus ...
GitHub

Built-in extension vscode.github is crashing on activation

at file:///c:/Users/JohnM/AppData/Local/Programs/Microsoft%20VS%20Code%20Insiders/11246017b6/resources/app/extensions/github/dist/extension.js:1:383 at file:///c ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...
The Hacker News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...