A supply chain attack on January 30, 2026, targeting the Open VSX Registry. Attackers compromised a developer’s publishing credentials for the “oorzc” account. This let them release malicious versions of four legitimate VS Code extensions. These tools had built trust over years, with over 22,000 downloads combined. The extensions seemed harmless at first. They included […] The post Malicious GlassWorm Campaign Targets Developers via VSX Extensions appeared first on Cyber Security News.