Advertisement
HIGH
Supply Chain
GlassWorm Campaign Leverages Malicious VS Code Extensions
Runtime Rebel details the GlassWorm campaign, which infects developers via malicious Visual Studio Code extensions on Open VSX, facilitating a supply chain attack.
Runtime Rebel Intel
5 min read·Apr 28, 2026
SU
HIGH
Supply Chain
GlassWorm Malware: Cloned Open VSX Extensions Target Developers
Over 70 malicious Open VSX extensions cloned from popular tools deliver GlassWorm malware, highlighting risks in developer-focused supply chain attacks.
Runtime Rebel Intel
3 min read·Apr 28, 2026
HIGH
Supply Chain
Open VSX Registry Security Bypass: Malicious VS Code Extensions Risk
A logic error in the Open VSX pre-publish scanning pipeline allowed malicious VS Code extensions to bypass security checks. Read our technical analysis.
Runtime Rebel Intel
3 min read·Mar 27, 2026
HIGH
Supply Chain
GlassWorm Abuses Open VSX Registry in Supply-Chain Attack
The GlassWorm campaign exploits transitive dependencies in 72 Open VSX extensions to deliver malicious loaders into developer environments.
Runtime Rebel Intel
3 min read·Mar 14, 2026