AI is changing the world. Don't stay behind. Clear summaries, community insight, delivered without the noise. Subscribe to never miss a beat.

Privacy

Contact

Back to all news

malware github unicode-attacks developer-tools

Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Repositories

Glassworm Returns: Invisible Unicode Malware Found in 150+ GitHub Repositories

aikido.dev

March 15, 2026

4 min read

🔥🔥🔥🔥🔥

62/100

Summary

Glassworm malware has re-emerged, compromising over 150 GitHub repositories, npm, and VS Code through the use of hidden Unicode characters. This resurgence follows previous activity traced back to the same threat actor, highlighting ongoing vulnerabilities in these platforms.

Key Takeaways

Glassworm has returned with a new wave of attacks, compromising over 150 GitHub repositories, as well as npm and VS Code marketplaces.
The attacks utilize invisible Unicode characters to encode malicious payloads within seemingly empty code snippets, which are decoded and executed at runtime.
The compromised repositories include notable projects, indicating a significant risk of downstream supply chain impacts.
Attackers are likely employing large language models to generate realistic commit changes, making detection more challenging.

Read original article

Community Sentiment

Negative

Concerns

Invisible Unicode characters complicate text processing and can lead to security vulnerabilities, raising concerns about the integrity of code repositories.
The lack of automated rules to detect zero-width characters indicates a significant oversight in repository security practices, potentially exposing users to hidden attacks.
Relying solely on repository operators to guard against Unicode-based attacks is unrealistic; proactive measures are necessary to ensure community safety.