Malicious OpenVSX Extension Delivers GlassWorm To VS Code, Cursor, and Windsurf Users

Fri Apr 10 2026

Development

Malware

cyberpress.org

The GlassWorm threat actor has taken another significant step forward. Tracked since early 2025 for using invisible Unicode characters to hide payloads in npm packages, this group has a history of compromising developer tools. Recently, researchers at Aikido uncovered a new campaign in which GlassWorm delivers a persistent Remote Access Trojan (RAT) via a malicious […] The post Malicious OpenVSX Extension Delivers GlassWorm To VS Code, Cursor, and Windsurf Users appeared first on Cyber Security News.