A recent cybersecurity incident has exposed a significant supply chain attack targeting the Open VSX registry. Threat actors managed to compromise a developer's account, which then served as a gateway to inject malicious code into legitimate packages. This allowed them to distribute a previously unknown malware, dubbed GlassWorm, to unsuspecting users who downloaded these compromised packages.
The attack highlights the vulnerabilities inherent in supply chain dependencies. Open VSX, a vital repository for open-source software components, is used by many developers and organisations. By compromising a developer account within this trusted environment, the attackers could effectively poison the well, distributing their malware through seemingly legitimate updates and installations. The GlassWorm malware itself is a new discovery, and its full capabilities and objectives are still under investigation by security researchers.
The attackers leveraged their access to modify existing packages, ensuring that their malicious payload would be delivered alongside the intended software. This stealthy approach makes such attacks particularly dangerous, as they can go unnoticed for extended periods, potentially infecting a wide range of systems. The incident serves as a stark reminder for developers and organisations to exercise extreme caution when relying on third-party code and to implement robust security measures to vet and monitor their software supply chains.
Original source: https://thehackernews.com/2026/02/open-vsx-supply-chain-attack-used.html
Article generated by LaRebelionBOT