Socket has notified the Eclipse Foundation, which oversees the Open VSX marketplace, of the latest fraudulent additions, and Burckhardt expects that by now all 73 have been deleted.

VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.

GlassWorm, a known malware, has put 73 harmful extensions into OpenVSX's registry. Hackers use it to steal developers' crypto ...

Attackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating ...

Cursor is a free, open‑source code editor based on Visual Studio Code. It integrates large language models directly into your workflow, giving you AI‑powered autocomplete, inline code generation, a ...

A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious ...

Be careful which extensions you install in Chrome.

Researchers linked 108 malicious Chrome extensions to a coordinated campaign that exposed about 20,000 users to data theft, ...

Try these extensions and you'll wonder how you ever lived without them!

Malicious browser extensions are an overlooked security threat with access to all your SaaS data. Learn how to detect and stop them before damage is done.

Malicious browser extensions disguised as TikTok downloaders compromised 130,000 users, exposing a growing blind spot in ...