Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Open VSX hit by network compromise linked to GlassWorm

Incident
First reported
Last updated
Happening score
H score 14
1 unique sources, 2 articles

Summary

Hide ▲

Open VSX suffered an account compromise tied to GlassWorm, forcing access-token rotation for an undisclosed number of breached accounts. The incident affected a software marketplace used by extension developers and users, raising the risk of unauthorized access to connected accounts. Open VSX also implemented security enhancements and said the incident was closed.

Related Happenings

GlassWorm v2 cloned VS Code extension loaders

Malware Activity
First: 27.04.2026 14:23 Last: 27.04.2026 14:23 Sources 1

About this happening: The **GlassWorm v2** malware activity now uses **cloned VS Code extensions** on **Open VSX** to deliver payloads that steal credentials, deploy a **RAT**, and spread across multip...

Open Happening

Open VSX pre-publish scanning fail-open now patched security flaw

Vulnerability
First: 27.03.2026 15:57 Last: 27.03.2026 15:57 Sources 1

About this happening: A **now-patched fail-open bug** in **Open VSX's pre-publish scanning pipeline** could let **malicious VS Code extensions** bypass vetting and go live in the registry, weakening a...

Open Happening

SQL Server elevation-of-privilege flaw (CVE-2026-21262)

Vulnerability
First: 10.03.2026 19:49 Last: 10.03.2026 19:49 Sources 1

About this happening: **Microsoft** patched **CVE-2026-21262** in **SQL Server**, closing a publicly disclosed **elevation-of-privilege** flaw that can grant **SQLAdmin** privileges over the network. T...

Open Happening

Cline AI coding assistant hit by network compromise

Incident
First: 09.03.2026 01:35 Last: 09.03.2026 01:35 Sources 1

About this happening: The **Cline** coding assistant suffered a **supply-chain compromise** that installed a rogue **OpenClaw** instance on **thousands of systems**, creating unauthorized **full system...

Open Happening

Microsoft Windows Admin Center patch for CVE-2026-26119

Security Patch Release
First: 19.02.2026 19:40 Last: 19.02.2026 19:40 Sources 1

About this happening: Microsoft shipped **Windows Admin Center version 2511** to patch **CVE-2026-26119**, closing an **improper authentication** flaw that could let an authorized attacker **elevate pr...

Open Happening

Timeline

  1. 08.11.2025 18:17 3 articles · 6mo ago

    GlassWorm returns to OpenVSX and Open VSX remediates breached accounts

    Initial Disclosure

    GlassWorm returns to OpenVSX via three new VSCode extensions that reuse invisible Unicode character obfuscation, Solana transactions, and updated C2 endpoints to target GitHub, NPM, and OpenVSX credentials; Open VSX rotates access tokens for breached accounts, adds security enhancements, and closes the incident.

    Show sources
    Open in new tab