> TritonInfoSec News
Home / Apr 28, 2026 / Story
0
#1 BleepingComputer general April 27, 2026 at 21:41 UTC

GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions

By Bill Toulas

AI Summary

Security researchers discovered 73 malicious extensions on OpenVSX marketplace as part of a new GlassWorm campaign, with 6 confirmed malicious extensions that turn hostile after updates. The sleeper extensions masquerade as legitimate VS Code extensions and deploy information-stealing malware once activated, targeting developers who trust the open-source extension repository.

Read full article → https://www.bleepingcomputer.com/news/security/gla…

Relevance score: 95.0/100

# More from April 28

  1. 2
    PyPI package with 1.1M monthly downloads hacked to push infostealer BleepingComputer
  2. 3
    Home security giant ADT data breach affects 5.5 million people BleepingComputer
  3. 4
    Medtronic confirms breach after hackers claim 9 million records theft BleepingComputer
  4. 5
    Alleged Silk Typhoon hacker extradited to US for cyberespionage BleepingComputer
  5. 6
    OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years SecurityWeek
  6. 7
    Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation Dark Reading
  7. 8
    UNC6692 Combines Social Engineering, Malware, Cloud Abuse Dark Reading
  8. 9
    Robinhood account creation flaw abused to send phishing emails BleepingComputer
  9. 10
    Energy and Water Management Firm Itron Hacked SecurityWeek