Cybersecurity experts have uncovered a supply chain compromise targeting the Open VSX Registry, where unknown attackers abused a legitimate developer’s account to distribute malicious updates to unsuspecting users.
According to findings from Socket, the attackers infiltrated the publishing environment of a trusted extension author and used that access to release tainted versions of widely used tools.
“On January 30, 2026, four established Open VSX extensions published by the oorzc author had malicious versions published to Open VSX that embed the GlassWorm malware loader,” Socket security researcher Kirill Boychenko said in a Saturday report.
The compromised extensions had long been considered safe and were positioned as genuine developer utilities, with some having been available for more than two years.
“These extensions had previously been presented as legitimate developer utilities (some first published more than two years ago) and collectively accumulated over 22,000 Open VSX downloads prior to the malicious releases.”
Socket noted that the incident stemmed from unauthorized access to the developer’s publishing credentials. The Open VSX security team believes the bre
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: