Saved February 14, 2026
Do you care about this?
GlassWorm malware has reappeared in Visual Studio Code extensions just weeks after being declared eradicated. The worm uses invisible Unicode characters to hide its code and is now also infecting GitHub repositories, posing risks to developers and critical infrastructure worldwide.
If you do, here's more
GlassWorm, a pervasive piece of malware initially declared eradicated, has resurfaced in open-source extensions for Visual Studio Code. Researchers from Koi found new infections in three extensions, which were downloaded over 10,000 times combined. The malware employs invisible Unicode characters, so its malicious code does not show up in code editors yet still executes as JavaScript. It has also infiltrated GitHub repositories, disguising itself in AI-generated commits that mimic legitimate changes.
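One way to check extension or repository source for the invisible-character hiding described above is to flag long runs of non-rendering code points. This is an added example, not code from Koi or from the article; the character classes (Unicode category Cf plus the variation-selector ranges), the run threshold of 4, and the sample input are assumptions made for illustration.

```python
import sys
import unicodedata

# Assumption (not from the article): variation selectors are category Mn, so they
# are listed explicitly; zero-width, bidi and tag characters are category Cf.
VARIATION_SELECTORS = ((0xFE00, 0xFE0F), (0xE0100, 0xE01EF))

def is_invisible(ch):
    """True for code points that normally render as nothing in an editor."""
    if unicodedata.category(ch) == "Cf":
        return True
    return any(lo <= ord(ch) <= hi for lo, hi in VARIATION_SELECTORS)

def find_invisible_runs(text, min_run=4):
    """Return (line, column, length) for each run of >= min_run invisible chars.

    A lone emoji variation selector or BOM is legitimate, so only runs are
    reported. Columns are 1-based and counted in code points.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        run_start = None
        for col, ch in enumerate(line + "\n"):  # newline sentinel closes a trailing run
            if is_invisible(ch):
                if run_start is None:
                    run_start = col
            elif run_start is not None:
                if col - run_start >= min_run:
                    findings.append((lineno, run_start + 1, col - run_start))
                run_start = None
    return findings

# Constructed sample: line 1 is a benign emoji with one variation selector,
# line 2 hides 12 variation selectors inside a string literal.
SAMPLE = (
    'const label = "ok \U0001F44D\uFE0F";\n'
    'const s = "' + "".join(chr(0xE0100 + i) for i in range(12)) + '";\n'
)

if __name__ == "__main__":
    # Scan files named on the command line, or the constructed sample if none.
    sources = {p: open(p, encoding="utf-8", errors="replace").read() for p in sys.argv[1:]}
    for name, text in (sources or {"<sample>": SAMPLE}).items():
        for line, col, length in find_invisible_runs(text):
            print(f"{name}:{line}:{col}: {length} consecutive invisible code points")
```

A hit is a reason to inspect the file in a hex view before installing or merging it; the threshold can be lowered for stricter review at the cost of more false positives.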
The Russia-based attackers continue to use the same infrastructure, which remains operational despite previous containment efforts. They've updated their command-and-control methods, using the Solana blockchain to point to new payload distribution points. This resilient approach allows them to circumvent security measures, as infected machines automatically fetch the latest instructions. The threat extends to individual developers and organizations globally, with reports of compromised GitHub credentials and the use of worm techniques to spread further.
Experts are raising concerns about the security of open-source platforms like OpenVSX, which lack adequate resources for manual code reviews. David Shipley from Beauceron Security highlighted a fundamental weakness in the model: low-cost approaches lead to insufficient security measures. He advised organizations to consider curated sources with more oversight if they want to mitigate risk. Ensar Seker from SOCRadar emphasized that the threat isn't just the malware itself but a systemic shift in how supply chain vulnerabilities manifest, urging teams to treat their developer environments with the same seriousness as production infrastructure.