GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions

A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious ...
The Hacker News

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.
Security Boulevard

GitHub Actions Supply Chain Attack: Trivy Breach & Workflow

Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.
NPR

Trump grants Iran another extension on a deadline to reopen the Strait of Hormuz

The war in the Middle East ramped up on Thursday as Israel launched a wave of strikes targeting Iranian infrastructure in the central city of Isfahan, and said it killed the head of the Iranian ...