Visual Studio Code

Attackers are posting thousands of fake Visual Studio Code vulnerability alerts in GitHub Discussions, using fabricated CVEs and urgent language to trick developers into downloading malware.

GlassWorm campaign expands across Open VSX, npm, and GitHub with invisible Unicode payloads and Solana-based C2. Developers urged to audit dependencies immediately.