WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that evade standard code review.
Tom's Hardware on MSN

Invisible malicious code attacks 151 GitHub repos and VS Code

The technique exploits Unicode Private Use Area characters, which render as zero-width whitespace in virtually every code ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.
GIGAZINE

A report that a fake VSCode extension was created and downloaded and that a flaw in the VSCode extension system that makes it easy to insert malicious code was also revealed

Microsoft's text editor 'Visual Studio Code (VSCode)' allows you to add functions and customize the appearance by introducing extensions. Security researchers released 'fake extensions that insert ...
The Hacker News

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain attacks on developers.
Your Story

GitHub Copilot Chat extension goes open source in VS Code

Microsoft’s Visual Studio Code (VS Code) team has reached a key milestone in its vision to transform VS Code into an open‑source AI editor. On 30 June 2025, the team announced that the GitHub Copilot ...