Developer tooling under attack
A new GlassWorm campaign is spreading through the OpenVSX extension marketplace and has been observed hitting editors and cloud dev environments such as VS Code, Cursor and Windsurf, turning convenience into an attack surface for developer workflows. At the same time, a Qualys analysis of one billion CISA KEV remediation records shows many critical flaws are exploited faster than defenders can patch, pushing teams toward automation and stricter defaults rather than ad-hoc individual patching. (gbhackers.com) (bleepingcomputer.com)
A code editor extension is supposed to be a shortcut, like adding a new blade to a Swiss Army knife. In the GlassWorm campaign, that shortcut turned into the delivery truck for malware inside developer tools people use all day. (bleepingcomputer.com)

An extension marketplace is the app store for coding tools, and Open VSX is one of the biggest alternatives to Microsoft’s own Visual Studio marketplace. The Open VSX site says it is run by the Eclipse Foundation and exists specifically as an alternative registry for editor extensions. (open-vsx.org) That matters because newer coding assistants often plug into Open VSX behind the scenes. Cursor told users in July 2025 that its in-app extension library had switched to Open VSX, and Windsurf’s documentation says its editor uses the Open VSX Registry for extensions. (forum.cursor.com) (docs.windsurf.com)

GlassWorm first showed how ugly that can get in October 2025, when BleepingComputer reported a supply-chain attack on OpenVSX and Microsoft Visual Studio marketplaces with an estimated 35,800 installs. A supply-chain attack means the attacker poisons the tool you trust, so the victim installs the malware for them. (bleepingcomputer.com)

The trick was unusually sneaky. Reporting on the campaign said the attackers hid JavaScript in invisible Unicode variation selectors, which are characters that look blank to a human reviewer but still get parsed by software. (gbhackers.com)

The campaign did not stay small. BleepingComputer reported on March 17, 2026 that GlassWorm had expanded into 400-plus GitHub repositories, Node Package Manager packages, and Visual Studio Code and OpenVSX extensions, while Socket said it found at least 72 additional malicious Open VSX extensions starting on January 31, 2026. (bleepingcomputer.com) (socket.dev)

The second half of the story is why this keeps working. Qualys analyzed more than one billion Cybersecurity and Infrastructure Security Agency Known Exploited Vulnerabilities remediation records across 10,000 organizations from 2022 through 2025 and found the average time-to-exploit had collapsed to negative one day. (qualys.com) (cisa.gov) Negative one day means attackers are often using a flaw before defenders have even finished reading the advisory, and Qualys said half of 52 weaponized vulnerabilities in its sample were exploited before public disclosure. In the same dataset, 88% of those high-profile flaws were remediated slower than they were exploited. (cdn2.qualys.com)

That is why “just patch faster” no longer fits the numbers. If the extension store can feed malware straight into Visual Studio Code, Cursor, or Windsurf, and the exploit clock starts before patch day, then security has to move earlier than the install button and earlier than the human review queue. (bleepingcomputer.com) (forum.cursor.com) (docs.windsurf.com) (qualys.com)

The practical shift is away from personal judgment and toward hard guardrails. Qualys argues for automated prioritization and stricter defaults, and the GlassWorm case points in the same direction: fewer marketplaces, fewer publishers, tighter allowlists, and less trust in any package just because it appears inside a familiar editor. (bleepingcomputer.com) (socket.dev)
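The invisible-character trick described above is exactly the kind of thing a guardrail can catch mechanically, before a human reviewer ever scrolls past the blank-looking span. The following is an added example, not code from the GlassWorm reporting, from Open VSX or from any editor vendor: it walks extension source code point by code point, flags runs of Unicode variation selectors (U+FE00 to U+FE0F and U+E0100 to U+E01EF, the ranges the reporting describes as invisible) and reports file, line and column so a pre-install or pre-publish check can refuse the package. The sample files it scans are constructed for the demonstration.

```javascript
// Added example (not from the original article): flag runs of invisible
// Unicode variation selectors in extension source before it is installed
// or published. Only these two blocks are checked:
//   U+FE00..U+FE0F   Variation Selectors
//   U+E0100..U+E01EF Variation Selectors Supplement
// Rendered on their own they occupy no visible width, so a reviewer sees
// nothing, while the JavaScript engine still consumes every code point.
function isVariationSelector(codePoint) {
  return (codePoint >= 0xfe00 && codePoint <= 0xfe0f) ||
         (codePoint >= 0xe0100 && codePoint <= 0xe01ef);
}

// Walk the source by code point (for...of on a string does this, so the
// supplementary selectors are not split into surrogate halves) and group
// consecutive selectors into runs with a 1-based line and column.
// Returns { clean, total, runs }; a CI step fails on !clean and prints runs.
function scanSource(source) {
  const runs = [];
  let line = 1;
  let column = 1;
  let current = null; // run being accumulated, or null
  for (const ch of source) {
    if (isVariationSelector(ch.codePointAt(0))) {
      if (current) {
        current.length += 1;
      } else {
        current = { line, column, length: 1 };
      }
    } else if (current) {
      runs.push(current);
      current = null;
    }
    if (ch === '\n') {
      line += 1;
      column = 1;
    } else {
      column += 1;
    }
  }
  if (current) runs.push(current);
  const total = runs.reduce((n, r) => n + r.length, 0);
  return { clean: runs.length === 0, total, runs };
}

// Scan an unpacked extension's files (name -> text) the way a pre-install
// hook would; only files that tripped the check appear in the report.
function scanFiles(files) {
  const report = {};
  for (const [name, text] of Object.entries(files)) {
    const result = scanSource(text);
    if (!result.clean) report[name] = result;
  }
  return report;
}

// Constructed sample inputs (not real extension code). The second file
// carries 14 selectors glued to the end of an innocent-looking line.
const HIDDEN = '\uFE00\uFE01\uFE02'.repeat(4) + '\u{E0100}\u{E0101}';
const SAMPLE_FILES = {
  'extension.js': 'exports.activate = function (ctx) {\n  console.log("ready");\n};\n',
  'config.js': 'const config = "ok";' + HIDDEN + '\nmodule.exports = config;\n',
};

const flagged = scanFiles(SAMPLE_FILES);
for (const [name, result] of Object.entries(flagged)) {
  for (const run of result.runs) {
    console.log(`${name}:${run.line}:${run.column} ${run.length} hidden variation selector(s)`);
  }
}
```

Legitimate extension source almost never needs these code points outside of emoji data, so a hit is a hard stop rather than a warning, and the report gives the reviewer the exact position to look at instead of a file that appears empty. The check is cheap enough to run on every file of every package at install time, which is where the argument above says the control has to sit; it complements, rather than replaces, a publisher allowlist such as VS Code's `extensions.allowed` setting.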