[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:glassworm-campaign-uses-zig-dropper-to-infect-multiple-developer-ides-mnvwe3qm":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":12,"action_required":16,"article_ids":17,"ioc_summary":19,"source_urls":20,"status":22,"expires_at":23,"created_at":24,"updated_at":25,"articles":26},"55ada461-5c3f-41cc-a68c-0ba59ecb7d52","GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs","glassworm-campaign-uses-zig-dropper-to-infect-multiple-developer-ides-mnvwe3qm","GlassWorm campaign distributed a malicious Zig dropper through fake VS Code extensions on Open VSX marketplace, targeting developer environments. The dropper identifies all IDEs on infected systems and deploys a second-stage extension that steals credentials and executes C2 commands via Solana blockchain. Any developer who installed 'specstudio.code-wakatime-activity-tracker' or 'floktokbok.autoimport' should be treated as compromised.","critical","advisory",[],[13,14,15],"VS Code","Microsoft","Open VSX","Immediately identify and isolate any developer machines with the affected extensions installed. Assume full credential compromise: force password resets for all users matching this profile, rotate API keys and secrets, and scan for lateral movement and data exfiltration in the past 90 days.",[18],"4e3b12d9-22ce-49b0-8b6b-7e5b7c6207ee",null,[21],"https:\u002F\u002Fthehackernews.com\u002F2026\u002F04\u002Fglassworm-campaign-uses-zig-dropper-to.html","archived","2026-04-14T15:07:38.112+00:00","2026-04-12T15:07:41.174608+00:00","2026-04-14T15:08:54.731139+00:00",[27],{"id":18,"title":6,"url":21}]