GlassWorm attackers activate new ‘sleeper’ extensions on Open VSX

Actively Exploited

Overview

Researchers have identified a new group of 73 malicious extensions linked to the GlassWorm campaign, which are designed to mimic legitimate projects. These extensions have been activated on Open VSX, a marketplace for Visual Studio Code extensions. The attackers aim to deceive users into installing these fake extensions, potentially compromising their systems. This incident raises concerns for developers and organizations using Open VSX, as it exposes them to security risks if they inadvertently install these malicious add-ons. Users need to be cautious and verify the authenticity of extensions before installation to avoid falling victim to this ongoing attack.

Key Takeaways

  • Active Exploitation: The campaign is active, with the malicious extensions already live on Open VSX. Immediate action is recommended.
  • Affected Systems: Open VSX marketplace, Visual Studio Code extensions
  • Action Required: Users should verify the authenticity of extensions before installation and consider removing any suspicious or unknown extensions.
  • Timeline: Newly disclosed

Original Article Summary

A new cluster of 73 extensions impersonating legitimate projects has been tied to the GlassWorm campaign.

Exploitation Status

This campaign is confirmed to be actively used by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Related Coverage

Dozens of Open VSX Extension Clones Linked to GlassWorm Malware

SecurityWeek

Researchers have discovered over 70 cloned Open VSX extensions that are believed to be designed to distribute the GlassWorm malware. These extensions, which mimic legitimate ones, may act as sleeper agents waiting to infect users. This incident poses a significant risk to developers and users who rely on the Open VSX platform for software development, as these malicious extensions could compromise their systems and data. Users are urged to be cautious and verify the authenticity of any extensions they download. This situation raises concerns about the security of extension marketplaces and the potential for widespread malware distribution through seemingly harmless tools.

Apr 28, 2026

Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About

The Hacker News

A new report indicates that many security programs falter because they assume that simply connecting systems resolves security issues. Researchers surveyed 500 security professionals and found that this misunderstanding is a significant barrier to implementing effective Zero Trust strategies. The report highlights that the movement of secure data is often more complex than just setting up a gateway and pushing data through. This misjudgment can lead to vulnerabilities and inefficiencies in safeguarding sensitive information. Companies need to reassess their approach to data movement to strengthen their security frameworks and better protect against potential breaches.

Apr 28, 2026

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

The Hacker News

A serious security flaw has been identified in LeRobot, Hugging Face's open-source robotics platform, which has garnered nearly 24,000 stars on GitHub. The vulnerability, designated as CVE-2026-25874, has a high severity score of 9.3 and allows attackers to exploit untrusted data deserialization, potentially leading to remote code execution without authentication. This flaw poses a significant risk to developers and organizations using LeRobot, as it could allow unauthorized access and control over their systems. Researchers are urging users to take immediate action to safeguard their implementations, given the potential for widespread exploitation. The details of the flaw emphasize the importance of security diligence in open-source projects.

Apr 28, 2026

Proofpoint Research Reveals Half of Global Organizations Experienced AI Incidents Despite Having AI Security Controls in Place

Proofpoint News Feed

A recent study by Proofpoint revealed that half of global organizations have experienced incidents involving artificial intelligence, even with AI security measures in place. This suggests that existing safeguards are not sufficient to prevent misuse or attacks related to AI technologies. The research highlights a growing concern among businesses about the vulnerabilities associated with AI, particularly as adoption rates increase. Security professionals need to reassess their strategies to better protect against AI-related threats, as the technology continues to evolve. This finding serves as a wake-up call for organizations to enhance their defenses and stay ahead of potential risks.

Apr 28, 2026

U.S. companies hit with record fines for privacy in 2025

CyberScoop

In 2025, U.S. companies are facing record fines related to privacy violations, largely driven by stringent privacy laws in states like California. The increased scrutiny comes from new partnerships between states and a growing concern over how artificial intelligence and automation impact personal privacy. These fines reflect a broader trend of enforcing privacy regulations more aggressively, signaling to businesses that they must prioritize consumer data protection. As more states adopt similar laws, companies across various sectors will need to reassess their data handling practices to avoid costly penalties. This situation is significant as it emphasizes the evolving landscape of privacy laws and the responsibility of companies to comply with them.

Apr 28, 2026

NCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort links

Security Affairs

The UK’s National Cyber Security Centre (NCSC) has introduced SilentGlass, a new security device designed to protect HDMI and DisplayPort connections from potential hardware attacks. This small plug-in device addresses a significant security gap in IT systems, which often overlook the physical connections between computers and monitors. By blocking malicious links, SilentGlass aims to safeguard sensitive information displayed on screens, making it particularly important for organizations that handle confidential data. The device is now available for commercial use globally, emphasizing the importance of securing physical connections in an increasingly digital world.

Apr 28, 2026