CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain
ID: 24125e05-533a-5f17-aa42-20e9a4085058
STIX ID: report--24125e05-533a-5f17-aa42-20e9a4085058
Feed Name: CyberScoop
CrowdStrike, with assistance from Google and Shadowserver, dismantled the Glassworm botnet, which had been infecting open-source packages and developer workflows since early 2025. The group pushed malware (including GlasswormRAT) into VSCode extensions, npm/Python packages and 300+ GitHub repositories, targeting developers to harvest credentials and source code across Windows, macOS and Linux. Defenders disrupted four attacker servers and the layered propagation channels (Solana blockchain, BitTorrent, Google Calendar, and commercial VPS), and shared IOCs to help organizations hunt for infections.
