The invisible threat we've been tracking for nearly a year is back. While the PolinRider campaign has been making headlines for compromising hundreds of GitHub repositories, we are separately seeing a new wave of Glassworm activity hitting GitHub, npm, and VS Code.
In October last year, we wrote about how hidden Unicode characters were being used to compromise GitHub repositories, tracing the technique back to a threat actor named Glassworm. This month, the same actor is back, and among the affected repositories are some notable names: a repo from Wasmer, Reworm, and opencode-bench from anomalyco, the organization behind OpenCode and SST.
A Year of the Invisible Code Campaign
March 2025: Aikido first discovers malicious npm packages hiding payloads using PUA Unicode characters
May 2025: We publish a blog detailing the risks of invisible Unicode and how it can be abused in supply chain attacks
October 17, 2025: We uncover compromised extensions on Open VSX using the same technique
October 31, 2025: We discover that the attackers have shifted focus to GitHub repositories
March 2026: A new mass wave emerges, with hundreds of GitHub repositories compromised and npm and VS Code also affected.
A Quick Refresher
Before diving into the scale of this new wave, let’s recap how this attack works. Even after months of coverage, it continues to catch developers and tooling off guard.
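As an added defensive check (example code written for this page, not code from the original post or from Aikido), the scanner below flags the characters the timeline above refers to: Private Use Area, Unicode tag and other invisible code points in a source file, reporting line and column so a reviewer can inspect what an editor would never show. The JavaScript sample it scans is constructed, and the choice of ranges and categories is an assumption about what should never appear in hand-written source.

```python
import sys
import unicodedata
from typing import List, Optional, Tuple

# Private Use Area ranges: most editors render these as nothing or as blank boxes,
# which is what lets a hidden payload sit in plain sight inside a source file.
PUA_RANGES = ((0xE000, 0xF8FF), (0xF0000, 0xFFFFD), (0x100000, 0x10FFFD))
TAG_RANGE = (0xE0000, 0xE007F)        # deprecated Unicode "tag" characters, also invisible
EXTRA_INVISIBLE = {0x3164, 0xFFA0}    # Hangul fillers: render blank but are not category Cf


def classify(cp: int) -> Optional[str]:
    """Label a code point that has no business in hand-written source, else None."""
    if any(lo <= cp <= hi for lo, hi in PUA_RANGES):
        return "pua"
    if TAG_RANGE[0] <= cp <= TAG_RANGE[1]:
        return "tag"
    cat = unicodedata.category(chr(cp))
    if cat == "Cf" or cp in EXTRA_INVISIBLE:  # zero-width chars, joiners, bidi overrides, BOM
        return "invisible"
    if cat == "Cn":                            # unassigned code points
        return "unassigned"
    return None


def scan_source(text: str) -> List[Tuple[int, int, int, str]]:
    """Return (line, column, code point, kind) for every suspicious character.
    A BOM as the very first character of the file is legitimate and not reported."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if lineno == 1 and col == 1 and ch == "\ufeff":
                continue
            kind = classify(ord(ch))
            if kind:
                findings.append((lineno, col, ord(ch), kind))
    return findings


# Constructed sample (not a real package): a JS file with a run of PUA characters
# appended after a statement and a zero-width space splitting an identifier.
SAMPLE = (
    "\ufeffconst greeting = 'hello';\n"
    "module.exports = greeting;" + "".join(chr(0xE000 + b) for b in b"payload") + "\n"
    "const is\u200bAdmin = false;\n"
)

if __name__ == "__main__":
    src = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for lineno, col, cp, kind in scan_source(src):
        print(f"{lineno}:{col} U+{cp:04X} {kind}")
```

Run it with a file path to scan that file; with no argument it scans the constructed sample and reports seven PUA characters on line 2 and one zero-width space on line 3.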