Web Scouter
Back to News
Security NewsHighIncidentsupply chain

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

UnknownMar 14, 2026(about 5 hours ago)

The GlassWorm campaign is escalating its attacks by abusing Open VSX extensions to target developers through a supply-chain attack.

Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing extensionPack and extensionDependencies to turn initially standalone-looking extensions into transitive

Related News

AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code

Unknownabout 3 hours ago

Critical HPE AOS-CX Vulnerability Allows Admin Password Resets

Unknownabout 7 hours ago

CVE-2026-27171 zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

Unknownabout 9 hours ago

Get Personalized Alerts

Track vendors and receive alerts when security incidents affect your supply chain.

What We Monitor

Security Incidents

Data breaches, ransomware, and unauthorized access

Vulnerabilities

CVEs and vendor security advisories

Compliance Updates

Regulatory changes and certification news

Legal News

Privacy laws and enforcement actions

Vendor Directory

Browse our directory of SaaS vendors with security documentation and compliance information.