TI Mindmap HUB
Threat Intelligence Report

73 Open VSX Sleeper Extensions Linked to GlassWorm Show New Malware Activations

๐Ÿ“… April 25, 2026 ๐Ÿ“ฐ socket.dev ๐Ÿ” 0 CVE(s) referenced

A new cluster of 73 cloned Open VSX extensions linked to GlassWorm has shifted from sleeper status to active malware delivery, exploiting trusted update paths and sophisticated evasion tactics to target developers.

Sign in to access the full report including:
detailed analysis, IOCs, MITRE ATT&CK mapping, and STIX bundle.

๐Ÿ” Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

๐Ÿ“Š Visual Mindmap
๐ŸŽฏ IOC Extraction
โš”๏ธ MITRE ATT&CK TTPs
๐Ÿ“ฆ STIX 2.1 Bundle