1 report
Threat actors hijacked a trusted publisher account on the Open VSX Registry to weaponize four popular developer extensions with the Glassworm infostealer. Impacting 22,000 downloads, the malware targets AWS credentials and GitHub tokens to gain insider access to corporate environments.
