SecurityWeek

Supply Chain Attack Targets VS Code Extensions With ‘GlassWorm’ Malware

Visual Studio developers are targeted with a self-propagating worm in a sophisticated supply chain attack through the OpenVSX ...

Hidden "Glassworm" malware spreads through infected VS Code extensions

A new malware worm campaign has infected multiple Microsoft Visual Studio Code extensions using invisible Unicode characters ...

Self-spreading GlassWorm malware hits OpenVSX, VS Code registries

A new and ongoing supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with ...
The Hacker News

Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack

GlassWorm spread via 14 VS Code extensions; Solana + Google Calendar C2; stole credentials, drained 49 wallets.
InfoWorld

Self-propagating worm found in marketplaces for Visual Studio Code extensions

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain ...
SecurityWeek

‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability

Microsoft has patched CVE-2025-55315, a critical vulnerability in the ASP.NET Core open source web development framework.
Bleeping Computer

Hackers weaponize Microsoft Visual Studio add-ins to push malware

Security researchers warn that hackers may start using Microsoft Visual Studio Tools for Office (VSTO) more often as method to achieve persistence and execute code on a target machine via malicious ...
InfoWorld

Visual Studio Code taps AI for merge conflict resolution

VS Code 1.105 also introduces a built-in MCP server marketplace and allows users to resume recent Copilot Chat sessions.