Vscode

• Glassworm: The Supply Chain Attack Hidden in Plain Sight -- Inside Invisible Unicode Characters March 15, 2026

  Glassworm compromised 151+ GitHub repositories, 72 VS Code extensions, and multiple npm packages using malicious payloads hidden inside invisible Unicode characters that no code reviewer can see. The C2 infrastructure runs on Solana -- it cannot be taken down.