The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. [...]
GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
Summary + source link. No paywalls, no tracking.