Vscode

• WaterPlum's VS Code Trap: How Opening a Folder Deploys a RAT March 25, 2026

  North Korean threat group WaterPlum is distributing StoatWaffle malware via malicious VS Code projects that auto-execute on folder open. Fake developer job interviews deliver the payload -- no click required once you open the repo.

• Glassworm: The Supply Chain Attack Hidden in Plain Sight -- Inside Invisible Unicode Characters March 15, 2026

  Glassworm compromised 151+ GitHub repositories, 72 VS Code extensions, and multiple npm packages using malicious payloads hidden inside invisible Unicode characters that no code reviewer can see. The C2 infrastructure runs on Solana -- it cannot be taken down.