Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors compromised a legitimate developer’s resources to push malicious updates to downstream users.
“On January 30, 2026, four established Open VSX extensions published by the oorzc author had malicious versions published to Open VSX that embed the GlassWorm
1-Click Clawdbot Vulnerability Enable Malicious Remote Code Execution Attacks
A critical vulnerability in OpenClaw, the open-source AI personal assistant trusted by over 100,000 developers, has been discovered and weaponized into a devastating one-click remote
