The article discusses the discovery of GlassWorm, the first self-propagating worm targeting VS Code extensions on the OpenVSX marketplace, utilizing invisible Unicode characters to hide malicious code from developers and code review tools. This sophisticated attack collects credentials, drains cryptocurrency wallets, and employs blockchain for its command and control infrastructure, making it a significant security threat to developers.

Hackers are exploiting the RedTiger open-source tool to create an infostealer that targets Discord accounts, collecting sensitive data such as credentials, payment information, and personal files. The malware operates by injecting JavaScript into Discord and harvesting information from both the application and the victim's web browser. Users are advised to be cautious and take protective measures against this threat.