Key Findings * GlassWorm campaign identified targeting developers through 72 malicious Open VSX extensions * Uses sophisticated supply-chain attack technique exploiting extension dependencies * Targets development environments to steal secrets and compromise systems * Employs advanced obfuscation and evasion techniques * Spans multiple platforms including Open VSX, GitHub, and npm registries Background The GlassWorm campaign represents an evolving threat in software supply ch