GLOBAL SITUATIONMONITORING

482 published briefsUTCSun, Apr 5 18:43:06

Intelligence Tag

VSCode supply chain attack

Malicious VSCode and OpenVSX extensions delivering payloads, stealing tokens, and persisting via LaunchAgents.

1 intelligence brief← Intelligence Hub

GlassWorm macOS malware targets crypto wallets again

GlassWorm macOS malware returns via rogue VSCode/OpenVSX extensions that plant AppleScript payloads, steal developer tokens, and try to swap Ledger and Trezor apps.

Lara De Jong

Jan 5, 2026

4–5 minutes