#openvsx

iT4iNT SERVER

@it4intserver.bsky.social

16 hours ago

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing extensionPack and extensionDependencies to turn initially standalone-looking extensions into transitive

iT4iNT SERVER GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers VDS VPS Cloud #Cybersecurity #SupplyChainAttack #GlassWorm #OpenVSX #Malware

Socket

@socket.dev

1 day ago

73 Malicious Open VSX Extensions Linked to GlassWorm Campaig... Since January 31, 2026, we identified at least 73 additional malicious Open VSX extensions, including transitive GlassWorm loader extensions targeting...

🚨 New Research: We found 73 malicious Open VSX extensions tied to the GlassWorm campaign.

Attackers are now spreading the malware transitively by abusing VS Code extension packs and dependencies.

Details → socket.dev/blog/open-vs... #openvsx #vscode

Manrique Lopez

@jsmanrique.bsky.social

1 day ago

AWS backs Open VSX as Rust survey shows VS Code decline : AI-first editors and agent-driven tooling intensify competition in the IDE market

I use #OpenVSX on #TheiaIDE, but it seems I am not the only one… and of course, it can be used in #vscode and any of its derived work and forks 😉

www.theregister.com/2026/03/03/o...

J. Manrique López

@jsmanrique.mastodon.social.ap.brid.gy

1 day ago

AWS backs Open VSX as Rust survey shows VS Code decline : AI-first editors and agent-driven tooling intensify competition in the IDE market

I use #OpenVSX on #TheiaIDE, but it seems I am not the only one… and of course, it can be used in #vscode and any of its derived work and forks 😉

https://www.theregister.com/2026/03/03/open_vsx_aws/

jbz

@jbzfn.bsky.social

1 week ago

AWS backs Open VSX as Rust survey shows VS Code decline : AI-first editors and agent-driven tooling intensify competition in the IDE market

🌩️ AWS backs Open VSX as Rust survey shows VS Code decline

#openvsx #opensource #codium

ADTMag

@adtmag.bsky.social

1 week ago

Open VSX Hits 300 Million Monthly Downloads, and the Quiet Infrastructure Behind AI Coding Tools Gets a Stress Test -- ADTmag In the AI developer boom, some of the most important battlegrounds are not glamorous models or splashy chatbots. They are the quiet pipes that keep modern coding tools fed and up to date.

Open VSX has crossed 300 million monthly downloads, and the article shows how AI-native IDE growth is forcing extension delivery infrastructure to evolve fast on reliability, security, and scale.

Read the full article by @johnkwaters.bsky.social: https://ow.ly/u0wX50Yq1av

#OpenVSX #DeveloperTools

J. Manrique López

@jsmanrique.mastodon.social.ap.brid.gy

1 week ago

#OpenVSX hits 300 million monthly downloads 🤯 adtmag.com/blogs/watersworks/2026/0...

Manrique Lopez

@jsmanrique.bsky.social

1 week ago

Open VSX Hits 300 Million Monthly Downloads, and the Quiet Infrastructure Behind AI Coding Tools Gets a Stress Test -- ADTmag In the AI developer boom, some of the most important battlegrounds are not glamorous models or splashy chatbots. They are the quiet pipes that keep modern coding tools fed and up to date.

#OpenVSX hits 300 million monthly downloads 🤯 adtmag.com/blogs/waters...

roxsross

@roxsross.bsky.social

1 week ago

🔒 Eclipse Foundation Amplía el Alcance del Registro Open VSX

Nuevo marco con mayor seguridad y arquitectura híbrida para cadenas de suministro más seguras.

devops.com/eclipse-foundation-exten...

#OpenVSX #SupplyChainSecurity #OpenSource #RoxsRoss

thedailyperspective.org

@thedailyperspective.org

1 week ago

AWS Bets on Open VSX as VS Code's IDE Crown Shows Cracks AWS invests in the Open VSX Registry's European infrastructure as the 2025 Rust survey shows VS Code losing share to AI-native editors like Zed.

AWS Bets on Open VSX as VS Code's IDE Crown Shows Cracks

#OpenVSX #VSCode #AWS #OpenSource #AusNews #AusTech

thedailyperspective.org/article/2026-03-03-aws-b...

piggo

@pigondrugs.bsky.social

1 month ago

~Socket~
The Open VSX Registry is implementing pre-publish security checks to combat malicious extensions after repeated supply chain incidents.
-
IOCs: (None identified)
-
#OpenVSX #SupplyChain #ThreatIntel

The Daily Tech Feed

@thedailytechfeed.com

1 month ago

Alert: Open VSX Registry compromised! Malicious updates in popular extensions spread GlassWorm malware. Developers, check your extensions now! #CyberSecurity #SupplyChainAttack #OpenVSX Link: thedailytechfeed.com/open-vsx-sup...

CyberNetSecIO

@netsecio.bsky.social

1 month ago

📢 Open VSX Registry hit by supply chain attack! A compromised developer account was used to inject GlassWorm malware into 4 popular VS Code extensions, affecting 22k+ downloads. #OpenVSX #SupplyChain #Malware #GlassWorm

The New Oil

@thenewoil.org

1 month ago

New GlassWorm attack targets macOS via compromised OpenVSX extensions A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems.

New #GlassWorm attack targets #macOS via compromised #OpenVSX extensions

www.bleepingcomputer.com/news/security/new-glassw...

#cybersecurity

ReconBee

@reconbee.bsky.social

1 month ago

New GlassWorm attack targets macOS via compromised OpenVSX extensions Visual Studio Code marketplace as well as OpenVSX read more about New GlassWorm attack targets macOS via compromised OpenVSX extensions

New GlassWorm attack targets macOS via compromised OpenVSX extensions reconbee.com/new-glasswor...

#GlassWormattack #GlassWorm #macOS #openVSX #cybersecurity #cyberattacks

CyberNetSecIO

@netsecio.bsky.social

1 month ago

📢 Open VSX Registry hit by supply chain attack! A compromised developer account was used to inject GlassWorm malware into 4 popular VS Code extensions, affecting 22k+ downloads. #OpenVSX #SupplyChain #Malware #GlassWorm

CyberMaterial

@cybermaterial.bsky.social

1 month ago

Open Vsx Supply Chain Attack Spreads Glassworm
Read More: buff.ly/e6UnZRQ

#OpenVSX #GlassWorm #SupplyChainAttack #DeveloperTools #MaliciousUpdates #OpenSourceRisk #ThreatIntel #SoftwareSecurity

The Daily Tech Feed

@thedailytechfeed.com

1 month ago

Alert: GlassWorm malware infiltrates Open VSX extensions, targeting macOS developers. Ensure your extensions are up-to-date and review security practices. #CyberSecurity #OpenVSX #GlassWorm Link: thedailytechfeed.com/glassworm-ma...

The Daily Tech Feed

@thedailytechfeed.com

1 month ago

Alert: GlassWorm malware infiltrates Open VSX extensions, targeting macOS developers. Ensure your extensions are up-to-date and review security practices. #CyberSecurity #OpenVSX #GlassWorm Link: thedailytechfeed.com/glassworm-ma...

TechNadu

@technadu.com

1 month ago

Full Article: www.technadu.com/open-vsx-reg...

Are your teams auditing IDE extensions and registries regularly?
Comment with your mitigation strategies 👇
#CyberSecurity #SupplyChainSecurity #OpenVSX #GlassWorm #MalwareAnalysis #DeveloperSecurity

TechNadu

@technadu.com

1 month ago

🚨 GlassWorm malware delivered via Open VSX extensions
A compromised developer account pushed four malicious VS Code extensions targeting macOS credentials, VPNs & wallets - a clear supply-chain threat.

#CyberSecurity #SupplyChainAttack #OpenVSX #Malware

Socket

@socket.dev

1 month ago

GlassWorm Loader Hits Open VSX via Suspected Developer Accou... Threat actors compromised four oorzc Open VSX extensions with than 22,000 downloads, pushing malicious versions that install a staged loader, evade Ru...

🚨 New research: Threat actors compromised four #OpenVSX extensions, pushed malicious updates that load encrypted malware, evade Russian locales, and fetch C2 instructions via #Solana memos, leading to macOS credential and wallet theft.

Full analysis: socket.dev/blog/glasswo...

The Daily Tech Feed

@thedailytechfeed.com

1 month ago

Over 5,000 developer systems compromised via a malicious Open VSX extension. Attackers used blockchain for resilient command infrastructure. Stay vigilant! #CyberSecurity #Malware #OpenVSX Link: thedailytechfeed.com/malicious-vs...

J. Manrique López

@jsmanrique.mastodon.social.ap.brid.gy

1 month ago

An interesting open position in @EclipseFdn for those into digital #ProductManagement and #opensource at #OpenVSX, the biggest open-source registry for VS Code extensions, used by platforms like #Windsurf. 😉😉 […]

@techlife-blog.bsky.social

2 months ago

AI-Powered Code Editors Could Have Become Malware Delivery Machines: Here's What Happened Security researchers discover that popular AI coding tools like Cursor and Windsurf were vulnerable to a sneaky supply chain attack through fake extension recommendations

AI-Powered Code Editors Could Have Become Malware Delivery Machines: Here's What Happened

techlife.blog/posts/vscode...

#VSCode #Cursor #Windsurf #OpenVSX #SupplyChainAttack #ExtensionSecurity #DeveloperTools #Cybersecurity

CyberMaterial

@cybermaterial.bsky.social

2 months ago

VS Code Forks Expose Open VSX Risks
Read More: buff.ly/rutSsMr

#OpenVSX #VSCodeForks #DeveloperSecurity #SupplyChainRisk #MaliciousExtensions #AppSec #DevSecOps #ThreatResearch

Ahmandonk

@ahmandonk.bsky.social

2 months ago

📰 Gelombang Baru Malware GlassWorm Menargetkan Mac Lewat Wallet Kripto Palsu

👉 Baca artikel lengkap di sini: ahmandonk.com/2026/01/02/malware-glass...

#crypto #wallet #glassworm #malware #macos #openvsx #vscode #extension

Checkmarx Zero

@checkmarxzero.bsky.social

3 months ago

Taking Down More Malicious VSCode Extensions in the 'Prettier' Campaign - Checkmarx As adversaries improve their tactics for getting malicious content into the Visual Studio Code Marketplace and Open VSX, Checkmarx Zero continues to defend the community. Here's the latest…

The adversary seems to have leveled up, artificially inflating install counts (thousands of installs with only a few downloads? Sus.) and releasing without a payload to gain adoption. They also hit #OpenVSX, an alternative to #VSCodeMarketplace; maybe they thought they'd sneak by us there? NOPE.

Sam Stepanyan

@securestep9.bsky.social

3 months ago

GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools GlassWorm spreads again using 24 fake extensions across Visual Studio Marketplace and Open VSX, hiding Rust implants & Solana-based C2 to target devs.

#VSCode: 24 malicious VS Code and #OpenVSX extensions are stealing developer credentials - spreading through popular names like Flutter, React, and Tailwind.

Full list of malicious VSCode extensions in the article below:
#SoftwareSupplyChainSecurity
👇

Ahmandonk

@ahmandonk.bsky.social

3 months ago

📰 Gelombang Ketiga Malware Glassworm Serang Ekstensi VS Code

👉 Baca artikel lengkap di sini: ahmandonk.com/2025/12/02/glassworm-mal...

#developer #ekstensi #keamanan #malware #microsoft #openvsx #vscode