CSO Online

Typo hackers sneak cross-platform credential stealer into 10 npm packages

The typosquatted packages auto-execute on installation, fingerprint victims by IP, and deploy a PyInstaller binary to harvest ...
InfoWorld

Self-propagating worm found in marketplaces for Visual Studio Code extensions

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain ...
The Hacker News

Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack

GlassWorm spread via 14 VS Code extensions; Solana + Google Calendar C2; stole credentials, drained 49 wallets.
InfoWorld

Threat actors are spreading malicious extensions via VS marketplaces

There isn’t a consistent threat model for extension marketplaces yet, McCarthy said, making it difficult for any platform to anticipate these risks. However, he added, Microsoft’s marketplace has seen ...
CSO Online

BlueNoroff reemerges with new campaigns for crypto theft and espionage

GhostCall and GhostHire use fake investor meetings and bogus recruiter tests to deliver cross-platform malware to blockchain ...