VulnHub

Real-time Cybersecurity News

Dozens of Open VSX Extension Clones Linked to GlassWorm Malware

SecurityWeek
Actively Exploited
Malware

Overview

Researchers have discovered over 70 cloned Open VSX extensions that are believed to be designed to distribute the GlassWorm malware. These extensions, which mimic legitimate ones, may act as sleeper agents waiting to infect users. This incident poses a significant risk to developers and users who rely on the Open VSX platform for software development, as these malicious extensions could compromise their systems and data. Users are urged to be cautious and verify the authenticity of any extensions they download. This situation raises concerns about the security of extension marketplaces and the potential for widespread malware distribution through seemingly harmless tools.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Open VSX platform users and developers
  • Action Required: Users should verify the authenticity of extensions before installation and remove any suspicious extensions from their systems.
  • Timeline: Newly disclosed

Original Article Summary

Over 70 cloned Open VSX extensions are likely sleeper extensions designed to distribute malware. The post Dozens of Open VSX Extension Clones Linked to GlassWorm Malware appeared first on SecurityWeek.

Impact

Open VSX platform users and developers

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should verify the authenticity of extensions before installation and remove any suspicious extensions from their systems.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

US reportedly charges Scattered Spider hacker arrested in Finland

BleepingComputer

A 19-year-old dual citizen of the United States and Estonia has been arrested in Finland and is facing federal charges in the U.S. for his alleged involvement with the Scattered Spider hacking group. This collective is known for its sophisticated cyberattacks, often targeting high-profile organizations. The arrest marks a significant step in the fight against cybercrime, as Scattered Spider has been linked to various data breaches and online scams. The individual’s capture underscores the international efforts to combat hacking and holds potential implications for cybersecurity practices in both the U.S. and Europe. As authorities continue to address the threat posed by such groups, it reinforces the need for enhanced security measures.

Apr 28, 2026

Fake CAPTCHA scam drains bank accounts through international revenue share fraud

SCM feed for Latest

A new scam is targeting users through fake CAPTCHA challenges on typosquatted domains that impersonate telecommunications brands. When users unknowingly visit these fraudulent sites, they may be prompted to complete a CAPTCHA, which is part of a scheme to steal personal information and drain bank accounts. This attack relies on social engineering tactics to trick individuals into providing sensitive data. As a result, victims could face significant financial losses and identity theft. This incident serves as a reminder for users to be cautious when entering personal information online and to verify website URLs before engaging with them.

Apr 28, 2026

Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About

The Hacker News

A new report indicates that many security programs falter because they assume that simply connecting systems resolves security issues. Researchers surveyed 500 security professionals and found that this misunderstanding is a significant barrier to implementing effective Zero Trust strategies. The report highlights that the movement of secure data is often more complex than just setting up a gateway and pushing data through. This misjudgment can lead to vulnerabilities and inefficiencies in safeguarding sensitive information. Companies need to reassess their approach to data movement to strengthen their security frameworks and better protect against potential breaches.

Apr 28, 2026

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

The Hacker News

A serious security flaw has been identified in LeRobot, Hugging Face's open-source robotics platform, which has garnered nearly 24,000 stars on GitHub. The vulnerability, designated as CVE-2026-25874, has a high severity score of 9.3 and allows attackers to exploit untrusted data deserialization, potentially leading to remote code execution without authentication. This flaw poses a significant risk to developers and organizations using LeRobot, as it could allow unauthorized access and control over their systems. Researchers are urging users to take immediate action to safeguard their implementations, given the potential for widespread exploitation. The details of the flaw emphasize the importance of security diligence in open-source projects.

Apr 28, 2026

GlassWorm attackers activate new ‘sleeper’ extensions on Open VSX

SCM feed for Latest

Researchers have identified a new group of 73 malicious extensions linked to the GlassWorm campaign, which are designed to mimic legitimate projects. These extensions have been activated on Open VSX, a marketplace for Visual Studio Code extensions. The attackers aim to deceive users into installing these fake extensions, potentially compromising their systems. This incident raises concerns for developers and organizations using Open VSX, as it exposes them to security risks if they inadvertently install these malicious add-ons. Users need to be cautious and verify the authenticity of extensions before installation to avoid falling victim to this ongoing attack.

Apr 28, 2026

Proofpoint Research Reveals Half of Global Organizations Experienced AI Incidents Despite Having AI Security Controls in Place

Proofpoint News Feed

A recent study by Proofpoint revealed that half of global organizations have experienced incidents involving artificial intelligence, even with AI security measures in place. This suggests that existing safeguards are not sufficient to prevent misuse or attacks related to AI technologies. The research highlights a growing concern among businesses about the vulnerabilities associated with AI, particularly as adoption rates increase. Security professionals need to reassess their strategies to better protect against AI-related threats, as the technology continues to evolve. This finding serves as a wake-up call for organizations to enhance their defenses and stay ahead of potential risks.

Apr 28, 2026