Skills
GlassWorm: 72 Malicious Open VSX Extensions in Two-Stage Supply Chain Attack Targeting Claude Code and Antigravity Users
Security researchers confirmed 72 malicious Open VSX extensions active between March 3–9, 2026, mimicking linters, formatters, and AI coding tool integrations for Claude Code and Google Antigravity — 151 GitHub repositories were affected. Each extension contained an encoded loader invisible to editor review that fetched a second-stage script to exfiltrate tokens, API keys, and secrets at runtime. Extensions were undetectable without behavioral analysis, making static review of extension source insufficient as a defense.
↳ Follow the thread