A new self-spreading malware named Glassworm has been discovered targeting OpenVSX and Visual Studio Code registries. This sophisticated malware exploits vulnerabilities in popular code registries to propagate itself and potentially compromise developer environments. Glassworm's ability to spread autonomously through these registries poses a significant threat to software supply chains and developer security. The malware leverages registry manipulation techniques to maintain persistence and evade detection, making it a formidable adversary for cybersecurity defenses. Organizations using OpenVSX and VS Code are urged to update their software and implement robust security measures to mitigate the risk of infection. This incident highlights the growing trend of malware targeting development tools and environments, emphasizing the need for heightened vigilance and proactive security strategies in the software development lifecycle. Cybersecurity teams should monitor for unusual registry activities and apply patches promptly to defend against Glassworm and similar threats. The emergence of Glassworm underscores the critical importance of securing code registries and development platforms against evolving cyber threats.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 20 Oct 2025 16:15:14 +0000