InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...
The Hacker News

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain attacks on developers.
WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that evade standard code review.
winbuzzer.com

Microsoft March 2026 Patch Tuesday: 84 Fixes, Two Zero-Days, and an AI-Found CVSS 9.8

A fully autonomous AI agent has claimed the top of HackerOne’s bug bounty leaderboard – and this month it submitted a CVSS 9.8 remote code execution flaw to Microsoft via HackerOne that the company ...