The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms.

Visual Studio 2026 is no longer a preview or a promise, it is a shipping product that developers can install today. Microsoft ...

GlassWorm, a self-propagating malware targeting Visual Studio Code (VS Code) extensions on the Open VSX marketplace, have apparently continued despite statements that the threat had been contained.

On October 17, 2025, Cybersecurity researchers identified a self-spreading worm named GlassWorm infecting Visual Studio Code (VS Code) extensions available on the Open VSX Registry and Microsoft ...

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain attacks they’ve seen, and it’s spreading. A month after a self-propagating ...

The malware uses invisible Unicode characters to hide its code and blockchain-based infrastructure to prevent takedowns. Visual Studio developers are targeted with a self-propagating worm in a ...

Microsoft updated its free MSSQL extension for Visual Studio Code with new Fabric connectivity and provisioning features in public preview, alongside GitHub Copilot slash commands and multiple ...

Abstract: Scripting languages like Python or JavaScript are extremely popular among developers, in part due to their massive open-source ecosystems that enable smooth code reuse. However, recent work ...

Abstract: We present an autonomous exploration method for autonomous aerial vehicles (AAVs) for three-dimensional (3D) exploration tasks. Our approach, utilizing a cooperation strategy between common ...

Cybersecurity researchers have uncovered a loophole in Microsoft’s Visual Studio Code (VS Code) Marketplace that enables attackers to reuse deleted extension names, potentially allowing malware to ...

A new campaign involving malicious Visual Studio Code (VS Code) extensions has exposed a loophole in the VS Code Marketplace that allows threat actors to reuse names of previously removed packages.

Cybersecurity researchers have discovered a loophole in the Visual Studio Code Marketplace that allows threat actors to reuse names of previously removed extensions. Software supply chain security ...