Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Repositories
aikido.dev
March 15, 2026
4 min read
Summary
Glassworm malware has re-emerged, compromising over 150 GitHub repositories, npm, and VS Code through the use of hidden Unicode characters. This resurgence follows previous activity traced back to the same threat actor, highlighting ongoing vulnerabilities in these platforms.
Key Takeaways
- Glassworm has returned with a new wave of attacks, compromising over 150 GitHub repositories, as well as npm and VS Code marketplaces.
- The attacks utilize invisible Unicode characters to encode malicious payloads within seemingly empty code snippets, which are decoded and executed at runtime.
- The compromised repositories include notable projects, indicating a significant risk of downstream supply chain impacts.
- Attackers are likely employing large language models to generate realistic commit changes, making detection more challenging.
Community Sentiment
NegativeConcerns
- Invisible Unicode characters complicate text processing and can lead to security vulnerabilities, raising concerns about the integrity of code repositories.
- The lack of automated rules to detect zero-width characters indicates a significant oversight in repository security practices, potentially exposing users to hidden attacks.
- Relying solely on repository operators to guard against Unicode-based attacks is unrealistic; proactive measures are necessary to ensure community safety.
Source
aikido.dev
Published
March 15, 2026
Reading Time
4 minutes
Relevance Score
62/100
🔥🔥🔥🔥🔥
Why It Matters
This page is optimized for focused reading: quick context up top, a clean summary block, and a direct path to the original source when you want the full story.