Dark Reading

GlassWorm Returns, Slices Back into VS Code Extensions

GlassWorm, a self-propagating malware targeting Visual Studio Code (VS Code) extensions on the Open VSX marketplace, have apparently continued despite statements that the threat had been contained.
Visual Studio Magazine

Threat Actors Keep Weaponizing VS Code Extensions

Threat actors continue to probe Visual Studio Code's extension ecosystem, and a late November incident shows how quickly a trusted developer tool can be turned into a supply chain beachhead. In a ...