CSO Online

Malicious packages in npm evade dependency detection through invisible URL links: Report

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.
XDA Developers on MSN

VS Code is an open-source platform these days, not just a development tool

At its core, VS Code is built on an open source project called Code OSS, published under the permissive MIT license.
The Register on MSN

Microsoft drops surprise Windows Server patch before weekend downtime

You didn't have plans, did you? Microsoft has released an out-of-band update to patch a critical vulnerability in Windows ...
The Hacker News

Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack

GlassWorm spread via 14 VS Code extensions; Solana + Google Calendar C2; stole credentials, drained 49 wallets.

Hidden "Glassworm" malware spreads through infected VS Code extensions

A new malware worm campaign has infected multiple Microsoft Visual Studio Code extensions using invisible Unicode characters ...
SecurityWeek

Supply Chain Attack Targets VS Code Extensions With ‘GlassWorm’ Malware

Visual Studio developers are targeted with a self-propagating worm in a sophisticated supply chain attack through the OpenVSX ...

Dangerous and invisible worm found in Visual Studio Code extensions

A malware that steals credentials and cryptocurrencies uses Unicode for invisible code and installs a remote access trojan.
InfoWorld

Self-propagating worm found in marketplaces for Visual Studio Code extensions

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain ...

Self-spreading GlassWorm malware hits OpenVSX, VS Code registries

A new and ongoing supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with ...