
GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX


EXCLUSIVE: GLASSWORM MALWARE RETURNS IN MASSIVE SUPPLY-CHAIN SIEGE, HUNDREDS OF CODE REPOSITORIES POISONED

A dormant cyber threat has just roared back to life with devastating coordination. The notorious GlassWorm campaign has executed a sweeping new supply-chain attack, successfully poisoning over 400 packages, repositories, and extensions across critical platforms including GitHub, npm, and VSCode/OpenVSX. This is not a simple data breach; it is a surgical strike on the very tools developers trust, turning legitimate code into a Trojan horse for widespread malware distribution.

Security teams are scrambling as the campaign's sophistication suggests the use of multiple zero-day vulnerabilities to gain initial access. The attackers are deploying a multi-stage payload designed to evade detection, with ransomware and data exfiltration modules poised for activation. This move from stealthy infiltration to aggressive exploitation signals a dangerous escalation in cyber warfare tactics, directly threatening the global software supply chain.

"These are not opportunistic hackers. This is a highly resourced, state-aligned actor testing our collective defenses," revealed a senior threat intelligence analyst, speaking on condition of anonymity. "They are exploiting the inherent trust in open-source repositories. One compromised package can cascade into thousands of downstream breaches."

Every developer and company using these public repositories is now on the front line. A single poisoned dependency can lead to a catastrophic network-wide ransomware event or a silent, massive data breach. This attack also casts a long shadow over the crypto and blockchain security ecosystem, where compromised development tools could undermine the integrity of smart contracts and digital assets.

We predict a wave of high-profile compromises will surface in the coming weeks as the full scope of this campaign is uncovered. The race is on to find and patch every vulnerability GlassWorm exploited.

The open-source world has been handed a live grenade. The pin is already pulled.
