Developers are frustrated that Anthropic’s Claude Code AI assistant often overrides their explicit “no” command and executes code changes anyway.
GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain attacks on developers.
Tom's Hardware on MSN
Invisible malicious code attacks 151 GitHub repos and VS Code
The technique exploits Unicode Private Use Area characters, which render as zero-width whitespace in virtually every code editor and terminal.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results