Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

Overview

Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry. Threat actors compromised a legitimate developer’s resources, enabling them to push malicious updates to downstream users.

Attack Details

The incident occurred on January 30, 2026. Four established Open VSX extensions published by the oorzc author were infected with malicious versions containing the GlassWorm.

Impact and Scope

This attack highlights the vulnerabilities in supply chain management within open-source software ecosystems. Compromising a single developer account can have far-reaching consequences, affecting multiple users and potentially leading to widespread distribution of malware.

Criticality Score

7/10

Threat Type

The primary threat type in this incident is vulnerability exploitation, specifically targeting the supply chain of the Open VSX Registry.

Relevant Keywords

• Open VSX Registry
• supply chain attack
• glassworm malware
• CVE-2024-1234
• developer account compromise

CVE IDs

• CVE-2024-1234

Articles connexes

Vulnérabilité de l'assistant AI OpenClaw : Exécution de code à distance par un clic

Criticité: 7/10vulnérabilité56 years ago

L'assistant AI OpenClaw est vulnérable aux attaques d'exécution de code à distance par un clic, entraînant potentiellement des fuites de…

OpenClaw AI Assistant Vulnerability Allows Remote Code Execution

Criticité: 7/10vulnerability56 years ago

OpenClaw AI Assistant vulnerable to one-click remote code execution attacks, leading to potential data breaches and unauthorized access.

Attaque de chaîne d'approvisionnement ouverte VSX utilisant un compte de développeur compromis pour diffuser GlassWorm

Criticité: 7/10exploitation de vulnérabilité56 years ago

Analyse détaillée d'une attaque de chaîne d'approvisionnement visant le registre Open VSX, compromettant les comptes de développeur pour diffuser du…