VSCode Malware, AI Side-Channel & Windows 10 ESU – 11/08/2025

Secure Your Business Now

Today’s threat landscape is marked by the re-emergence of the GlassWorm malware, now targeting developers through malicious VSCode extensions on the OpenVSX marketplace. Microsoft has also disclosed a novel side-channel attack, dubbed ‘Whisper Leak,’ capable of compromising encrypted AI chat communications. Furthermore, a critical deadline approaches for Windows 10 users to enroll in Extended Security Updates to avoid exposure. These developments highlight immediate risks to software supply chains, AI privacy, and legacy system security.

Top 3 Critical Security Alerts

  • GlassWorm malware returns on OpenVSX with 3 new VSCode extensions: The GlassWorm malware campaign has resurfaced on the OpenVSX marketplace, infecting three new VSCode extensions that have already been downloaded over 10,000 times. Read more
  • Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic: Researchers have detailed ‘Whisper Leak,’ a novel side-channel attack that can identify conversation topics in encrypted, streaming-mode AI chat traffic, posing significant privacy risks. Read more
  • Still on Windows 10? Enroll in free ESU before next week’s Patch Tuesday: Microsoft urges remaining Windows 10 users to enroll in the free Extended Security Updates (ESU) program before the upcoming Patch Tuesday to remain protected against new vulnerabilities. Read more

Threat Intelligence

  • GlassWorm malware returns on OpenVSX with 3 new VSCode extensions: The GlassWorm malware campaign has resurfaced on the OpenVSX marketplace, infecting three new VSCode extensions that have already been downloaded over 10,000 times. Read more
  • Honeypot: Requests for (Code) Repositories, (Sat, Nov 8th): SANS ISC honeypots have detected an increase in scanning activity targeting code repositories, indicating active reconnaissance for vulnerable source code by threat actors. Read more

Security Tools & Best Practices

  • Still on Windows 10? Enroll in free ESU before next week’s Patch Tuesday: Microsoft urges remaining Windows 10 users to enroll in the free Extended Security Updates (ESU) program before the upcoming Patch Tuesday to remain protected against new vulnerabilities. Read more

Emerging Security Technologies

  • Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic: Researchers have detailed ‘Whisper Leak,’ a novel side-channel attack that can identify conversation topics in encrypted, streaming-mode AI chat traffic, posing significant privacy risks. Read more
Contact Us for a FREE Security Consultation!
Picture of Chris Armour

Chris Armour

Director of Software Engineering at Grab The Axe, leads the development of secure, scalable software solutions that drive growth and innovation. With expertise in network security, coding, and AI, he aligns technology strategies with business goals while mentoring high-performing teams. He holds a Bachelor of Science degree in Network Security from the University of Advancing Technology and is dedicated to advancing digital security and software innovation.

YOU MIGHT ALSO LIKE

Social Media Security

Strengthening Social Media Security: A Comprehensive Case Study

US Infrastructure Security

7 Critical US Infrastructure Security Vulnerabilities: US Power and Water Networks: 2020-2023 Insights

Animal Rescue Security

Enhancing Animal Rescue Security: A Comprehensive Case Study