VulnHub

Real-time Cybersecurity News

GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions

BleepingComputer
Actively Exploited
UpdateMalware

Overview

A new wave of the GlassWorm malware campaign is targeting the OpenVSX ecosystem through 73 malicious 'sleeper' extensions. These extensions initially appear harmless but become malicious after receiving an update, posing a significant risk to users who may unknowingly install them. Researchers have noted that this tactic allows attackers to bypass traditional security measures that focus on identifying known malware. Developers and users of OpenVSX should be particularly vigilant, as these extensions can compromise their systems without warning. The situation emphasizes the need for caution when updating software and extensions from less familiar sources.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: OpenVSX ecosystem, users of affected extensions
  • Action Required: Users should avoid installing unverified extensions and regularly check for updates from trusted sources.
  • Timeline: Newly disclosed

Original Article Summary

A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious after an update. [...]

Impact

OpenVSX ecosystem, users of affected extensions

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should avoid installing unverified extensions and regularly check for updates from trusted sources. It's advisable to monitor installed extensions for any unexpected changes.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Update, Malware.

Read Original Article

Related Coverage

Supreme Court justices skeptically question both sides in geofence surveillance case

CyberScoop

The Supreme Court is currently considering a significant case, Chatrie v. United States, which revolves around the use of geofence surveillance by law enforcement. This technology allows authorities to gather location data from mobile devices within a specific area during a certain time frame, raising concerns about privacy and the extent of government monitoring. Justices expressed skepticism towards both sides, indicating they are carefully weighing the implications of allowing such surveillance methods. A decision is expected this summer, which could set important precedents for how law enforcement agencies can collect and use data in investigations. The outcome may impact privacy rights and law enforcement practices nationwide.

Apr 27, 2026

82 Chrome Extensions Found Selling User Data, 6.5 Million Users Affected

Hackread – Cybersecurity News, Data Breaches, AI and More

Research conducted by LayerX has uncovered that 82 Chrome extensions have been collecting and selling user data, impacting at least 6.5 million users. These extensions utilized disclosed but troubling practices to gather personal information, raising significant privacy concerns. Users of these extensions may have unknowingly compromised their data, which could lead to targeted advertising or other privacy invasions. The findings emphasize the need for users to be cautious about the permissions they grant to browser extensions and to regularly review their installed extensions. This incident serves as a stark reminder of the potential risks associated with seemingly innocuous tools that can operate within web browsers.

Apr 27, 2026

Medtronic says cyberattack did not disrupt its operations

SCM feed for Latest

Medtronic recently reported that it experienced a cyberattack, but it maintained that its operations were not disrupted. This incident raised alarms as it marks the second cyberattack on a significant medical device manufacturer since the onset of the Iran war. Although specific details about the nature of the attack were not disclosed, the event raises concerns about the growing targeting of healthcare companies, which are crucial for patient care. As cyber threats evolve, companies in the medical sector must remain vigilant to protect sensitive patient data and ensure the continuous operation of medical devices. The implications of such attacks can be severe, potentially affecting patient safety and trust in healthcare providers.

Apr 27, 2026

Senators seek answers about hackers obtaining sensitive student data from ostensibly anonymous tip line

CyberScoop

Senators Maggie Hassan and Jim Banks have reached out to Navigate360 after a hacker claimed to have accessed sensitive student data from a school safety tip line that was designed to be anonymous. This incident raises serious concerns about the security measures in place for tools meant to protect students and ensure their safety. The hackers' actions could put the personal information of students at risk, potentially leading to misuse or exploitation. The senators are seeking clarity on how this breach occurred and what steps are being taken to secure the data moving forward. This situation emphasizes the need for robust security protocols in educational tools that handle sensitive information.

Apr 27, 2026

Firefox and Tor Browser vulnerability allowed hidden identifiers

SCM feed for Latest

A vulnerability in Firefox and the Tor Browser has been discovered, linked to how IndexedDB, a database used by these browsers to store data, operates. This flaw can potentially expose hidden identifiers, which can compromise user privacy and anonymity. Both browsers are widely used, especially by individuals seeking enhanced privacy online, making this issue particularly concerning. Users of these browsers should be aware of the risks associated with this vulnerability, as it may allow malicious actors to track their online activities. It is crucial for users to stay updated with the latest browser patches to mitigate these risks.

Apr 27, 2026

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

The Hacker News

Checkmarx has confirmed that data from its GitHub repository was posted on the dark web following a supply chain attack on March 23, 2026. The company is currently investigating the breach and believes that the attackers gained access to its repository during this incident. This exposure could have significant implications for Checkmarx and its clients, as sensitive information may have been compromised. The incident highlights the ongoing risks associated with supply chain vulnerabilities, emphasizing the need for companies to enhance their security measures. As the investigation continues, Checkmarx is likely to provide further updates on the extent of the data breach and potential impacts on affected users.

Apr 27, 2026