
GlassWorm Returns: New Wave Strikes as We Expose Attacker Infrastructure

“…on November 6, 2025 - sixteen days later - we detected a new wave of GlassWorm infections. Three more extensions compromised. A fresh Solana blockchain transaction providing new C2 endpoints. Same attacker infrastructure, still fully operational.

But here’s where this story gets more serious. We managed to access the attacker’s server. What we found inside confirmed the real-world impact: a partial list of victims from around the world - the US, South America, Europe, Asia - including a major government entity from the Middle East.

And it’s not just OpenVSX. Developers have reported that GlassWorm has jumped to GitHub repositories, using AI-generated commits to hide its invisible payloads in what looks like legitimate code changes.”

To read the complete article see: GlassWorm Returns.

This post is licensed under CC BY 4.0 by the author.