Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Repositories
10 hours ago
- #GitHub-security
- #cybersecurity
- #supply-chain-attacks
- The Glassworm threat actor returns with new attacks on GitHub, npm, and VS Code.
- Technique involves invisible Unicode characters to hide malicious payloads in code.
- Notable repositories compromised include Wasmer, Reworm, and anomalyco's opencode-bench.
- Timeline of attacks spans from March 2025 to March 2026, affecting multiple platforms.
- Attackers use AI-assisted camouflage to blend malicious commits with legitimate-looking changes.
- Detection requires specialized tools, because standard code review (reading diffs in an editor or web UI) does not reveal characters that render as nothing.
- Aikido offers solutions like Safe Chain to detect and block such supply chain attacks.
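A minimal scanner for the technique the summary describes, added here as an example (it is not Aikido's Safe Chain or any tool from the article). It flags zero-width, bidi-control and Unicode Tags-block characters in source text; the set of code points is this example's own choice based on general Unicode properties, and the sample input is constructed.

```python
import unicodedata

# Code points that render as nothing in most editors and diff views. The set is
# this example's own choice (general Unicode facts), not a list from the article.
INVISIBLE_CODEPOINTS = {
    0x00AD, 0x034F, 0x180E, 0x200B, 0x200C, 0x200D, 0x2060, 0x2061,
    0x2062, 0x2063, 0x2064, 0xFEFF,
}
INVISIBLE_RANGES = [
    (0x200E, 0x200F),    # left-to-right / right-to-left marks
    (0x202A, 0x202E),    # bidi embedding and override controls
    (0x2066, 0x2069),    # bidi isolate controls
    (0xE0000, 0xE007F),  # Unicode "Tags" block, invisible in nearly all renderers
]


def is_invisible(ch: str) -> bool:
    cp = ord(ch)
    if cp in INVISIBLE_CODEPOINTS:
        return True
    return any(lo <= cp <= hi for lo, hi in INVISIBLE_RANGES)


def find_invisible(source: str) -> list[tuple[int, int, str, str]]:
    """Return (line, column, 'U+XXXX', unicode name) for every invisible character.

    Lines and columns are 1-based so a finding can be jumped to in an editor."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if is_invisible(ch):
                name = unicodedata.name(ch, "<unnamed>")
                hits.append((lineno, col, f"U+{ord(ch):04X}", name))
    return hits


def scan_file(path: str) -> list[tuple[int, int, str, str]]:
    """Scan one file; suitable as a pre-commit or CI check over changed files."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_invisible(fh.read())


# Constructed sample: a zero-width space inside an identifier and a short run of
# Tags-block characters hidden between two tokens. Both look like plain code.
SAMPLE = (
    "const config = loadConfig();\n"
    "const url\u200b = base + '/api';\n"
    "return fetch(url\U000E0041\U000E0042);\n"
)

if __name__ == "__main__":
    for line, col, cp, name in find_invisible(SAMPLE):
        print(f"line {line} col {col}: {cp} {name}")
```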