InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

Lovable exec says 'big boys and girls' like OpenAI and Anthropic worry her more than other vibe coding startups

Other vibe coding players are not the biggest competition, says Elena Verna, Lovable's head of growth.
WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that evade standard code review.