Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks. The sophisticated threat, codenamed GlassWorm by Koi Security, is the second such supply chain attack to hit the DevOps space within a span
![]()
source https://thehackernews.com/2025/10/self-spreading-glassworm-infects-vs.html
source https://thehackernews.com/2025/10/self-spreading-glassworm-infects-vs.html