GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
Summary
The GlassWorm malware campaign has resurfaced with a significant supply-chain attack, compromising over 400 code repositories across GitHub, npm, and VSCode/OpenVSX extensions. This coordinated effort signifies a renewed threat to software development pipelines.
IFF Assessment
This campaign represents a sophisticated supply-chain attack that could compromise numerous downstream projects and users by infecting widely used development platforms and packages.
Defender Context
Defenders need to be vigilant about the integrity of their software supply chains, focusing on securing dependencies and extensions used in their development environments. This attack highlights the increasing sophistication of supply-chain compromises, requiring robust security practices for code repositories and package managers.