Critical flaw in Open VSX Registry exposed millions of developers to supply chain attacks. Ensure your extensions are up-to-date and from trusted sources. #PotatoSecurity #OpenVSX #SupplyChainSecurity Link: thedailytechfeed.com/critical-ope...

Critical flaw in Open VSX Registry exposed millions of developers to supply chain attacks. Ensure your extensions are up-to-date and from trusted sources. #CyberSecurity #OpenVSX #SupplyChainSecurity Link: thedailytechfeed.com/critical-ope...

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry. "The pipeline had a single boolean return value that meant both 'no scanners are configured' and 'all scanners failed to run,'" Koi

iT4iNT SERVER Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks VDS VPS Cloud #OpenVSX #Cybersecurity #VScode #Malware #SecurityFlaw

Alert: The 'fast-draft' extension on Open VSX, with over 26K downloads, was found deploying malware. Developers, review your extensions and stay vigilant! #PotatoSecurity #DevSecOps #OpenVSX Link: thedailytechfeed.com/malicious-fa...

Alert: The 'fast-draft' extension on Open VSX, with over 26K downloads, was found deploying malware. Developers, review your extensions and stay vigilant! #CyberSecurity #DevSecOps #OpenVSX Link: thedailytechfeed.com/malicious-fa...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions.

#GlassWorm #malware hits 400+ code repos on #GitHub, #npm, #VSCode, #OpenVSX

www.bleepingcomputer.com/news/security/glassworm-...

#cybersecurity

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that evade standard code review.

winbuzzer.com/2026/03/16/g...

Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

#GitHub #Cybersecurity #Malware #VSCode #npm #OpenSource #Developers #SoftwareDevelopment #Cybercrime #Hackers #SecurityVulnerabilities #Microsoft #Software #BigTech #VSCodeExtension #GlassWorm #OpenVSX

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing extensionPack and extensionDependencies to turn initially standalone-looking extensions into transitive

iT4iNT SERVER GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers VDS VPS Cloud #Cybersecurity #SupplyChainAttack #GlassWorm #OpenVSX #Malware

73 Malicious Open VSX Extensions Linked to GlassWorm Campaig... Since January 31, 2026, we identified at least 73 additional malicious Open VSX extensions, including transitive GlassWorm loader extensions targeting...

🚨 New Research: We found 73 malicious Open VSX extensions tied to the GlassWorm campaign.

Attackers are now spreading the malware transitively by abusing VS Code extension packs and dependencies.

Details → socket.dev/blog/open-vs... #openvsx #vscode

AWS backs Open VSX as Rust survey shows VS Code decline : AI-first editors and agent-driven tooling intensify competition in the IDE market

I use #OpenVSX on #TheiaIDE, but it seems I am not the only one… and of course, it can be used in #vscode and any of its derived work and forks 😉

www.theregister.com/2026/03/03/o...

AWS backs Open VSX as Rust survey shows VS Code decline : AI-first editors and agent-driven tooling intensify competition in the IDE market

I use #OpenVSX on #TheiaIDE, but it seems I am not the only one… and of course, it can be used in #vscode and any of its derived work and forks 😉

https://www.theregister.com/2026/03/03/open_vsx_aws/

AWS backs Open VSX as Rust survey shows VS Code decline : AI-first editors and agent-driven tooling intensify competition in the IDE market

🌩️ AWS backs Open VSX as Rust survey shows VS Code decline

#openvsx #opensource #codium

Open VSX Hits 300 Million Monthly Downloads, and the Quiet Infrastructure Behind AI Coding Tools Gets a Stress Test -- ADTmag In the AI developer boom, some of the most important battlegrounds are not glamorous models or splashy chatbots. They are the quiet pipes that keep modern coding tools fed and up to date.

Open VSX has crossed 300 million monthly downloads, and the article shows how AI-native IDE growth is forcing extension delivery infrastructure to evolve fast on reliability, security, and scale.

Read the full article by @johnkwaters.bsky.social: https://ow.ly/u0wX50Yq1av

#OpenVSX #DeveloperTools

#OpenVSX hits 300 million monthly downloads 🤯 adtmag.com/blogs/watersworks/2026/0...

Open VSX Hits 300 Million Monthly Downloads, and the Quiet Infrastructure Behind AI Coding Tools Gets a Stress Test -- ADTmag In the AI developer boom, some of the most important battlegrounds are not glamorous models or splashy chatbots. They are the quiet pipes that keep modern coding tools fed and up to date.

#OpenVSX hits 300 million monthly downloads 🤯 adtmag.com/blogs/waters...

🔒 Eclipse Foundation Amplía el Alcance del Registro Open VSX

Nuevo marco con mayor seguridad y arquitectura híbrida para cadenas de suministro más seguras.

devops.com/eclipse-foundation-exten...

#OpenVSX #SupplyChainSecurity #OpenSource #RoxsRoss

AWS Bets on Open VSX as VS Code's IDE Crown Shows Cracks AWS invests in the Open VSX Registry's European infrastructure as the 2025 Rust survey shows VS Code losing share to AI-native editors like Zed.

AWS Bets on Open VSX as VS Code's IDE Crown Shows Cracks

#OpenVSX #VSCode #AWS #OpenSource #AusNews #AusTech

thedailyperspective.org/article/2026-03-03-aws-b...

Open VSX Adds Pre-Publish Security Checks

~Socket~
The Open VSX Registry is implementing pre-publish security checks to combat malicious extensions after repeated supply chain incidents.
-
IOCs: (None identified)
-
#OpenVSX #SupplyChain #ThreatIntel

Alert: Open VSX Registry compromised! Malicious updates in popular extensions spread GlassWorm malware. Developers, check your extensions now! #CyberSecurity #SupplyChainAttack #OpenVSX Link: thedailytechfeed.com/open-vsx-sup...

Open VSX Marketplace Hit by Supply Chain Attack Spreading "GlassWorm" Malware A supply chain attack on the Open VSX Registry where a compromised developer account was used to publish malicious versions of four extensions, distributing the GlassWorm malware loader.

📢 Open VSX Registry hit by supply chain attack! A compromised developer account was used to inject GlassWorm malware into 4 popular VS Code extensions, affecting 22k+ downloads. #OpenVSX #SupplyChain #Malware #GlassWorm

New GlassWorm attack targets macOS via compromised OpenVSX extensions A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems.

New #GlassWorm attack targets #macOS via compromised #OpenVSX extensions

www.bleepingcomputer.com/news/security/new-glassw...

#cybersecurity

New GlassWorm attack targets macOS via compromised OpenVSX extensions Visual Studio Code marketplace as well as OpenVSX read more about New GlassWorm attack targets macOS via compromised OpenVSX extensions

New GlassWorm attack targets macOS via compromised OpenVSX extensions reconbee.com/new-glasswor...

#GlassWormattack #GlassWorm #macOS #openVSX #cybersecurity #cyberattacks

Open VSX Marketplace Hit by Supply Chain Attack Spreading "GlassWorm" Malware A supply chain attack on the Open VSX Registry where a compromised developer account was used to publish malicious versions of four extensions, distributing the GlassWorm malware loader.

📢 Open VSX Registry hit by supply chain attack! A compromised developer account was used to inject GlassWorm malware into 4 popular VS Code extensions, affecting 22k+ downloads. #OpenVSX #SupplyChain #Malware #GlassWorm

Open Vsx Supply Chain Attack Spreads Glassworm
Read More: buff.ly/e6UnZRQ

#OpenVSX #GlassWorm #SupplyChainAttack #DeveloperTools #MaliciousUpdates #OpenSourceRisk #ThreatIntel #SoftwareSecurity

Alert: GlassWorm malware infiltrates Open VSX extensions, targeting macOS developers. Ensure your extensions are up-to-date and review security practices. #CyberSecurity #OpenVSX #GlassWorm Link: thedailytechfeed.com/glassworm-ma...

Alert: GlassWorm malware infiltrates Open VSX extensions, targeting macOS developers. Ensure your extensions are up-to-date and review security practices. #CyberSecurity #OpenVSX #GlassWorm Link: thedailytechfeed.com/glassworm-ma...

Open VSX Registry Deploys GlassWorm Malware via Four Malicious Extension Versions A compromised developer account on Open VSX distributed GlassWorm malware that targeted macOS systems to steal sensitive data.

Full Article: www.technadu.com/open-vsx-reg...

Are your teams auditing IDE extensions and registries regularly?
Comment with your mitigation strategies 👇
#CyberSecurity #SupplyChainSecurity #OpenVSX #GlassWorm #MalwareAnalysis #DeveloperSecurity

🚨 GlassWorm malware delivered via Open VSX extensions
A compromised developer account pushed four malicious VS Code extensions targeting macOS credentials, VPNs & wallets - a clear supply-chain threat.

#CyberSecurity #SupplyChainAttack #OpenVSX #Malware

GlassWorm Loader Hits Open VSX via Suspected Developer Accou... Threat actors compromised four oorzc Open VSX extensions with than 22,000 downloads, pushing malicious versions that install a staged loader, evade Ru...

🚨 New research: Threat actors compromised four #OpenVSX extensions, pushed malicious updates that load encrypted malware, evade Russian locales, and fetch C2 instructions via #Solana memos, leading to macOS credential and wallet theft.

Full analysis: socket.dev/blog/glasswo...

Over 5,000 developer systems compromised via a malicious Open VSX extension. Attackers used blockchain for resilient command infrastructure. Stay vigilant! #CyberSecurity #Malware #OpenVSX Link: thedailytechfeed.com/malicious-vs...