ADVERTISEMENT

Hundreds of code repos falling like dominoes, infected by new wave of self-replicating malware

Hundreds of GitHub and npm repositories, and dozens of extensions for VS Code and other code editors, have been compromised in a new massive wave of the GlassWorm supply chain attack. Thousands of developers are at risk, with the latest victims being popular React Native packages with over 130,000 monthly downloads.

glassworm

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
Mar 18, 2026 Updated: 18 March 2026 3 min read

Hundreds more compromised repositories

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.
Has my data been leaked?
ADVERTISEMENT
github logo
Github logo. By Shutterstock.

Fifth wave: GlassWorm is evolving

hackers contaminated the openvsx marketplace

ADVERTISEMENT