This morning’s lesson is ugly and simple: trusted onboarding, trusted package managers, and trusted editor marketplaces are all being used as delivery systems.
Top line: Three stories matter right now: attacker-controlled content inside legitimate Robinhood mail, a forged open-source release with secrets-stealing payloads, and delayed-action VS Code extensions built to wake up later.
Attackers abused Robinhood’s account creation process to inject HTML into legitimate login-alert emails sent from noreply@robinhood.com. The messages passed SPF and DKIM, looked real, and pushed victims toward a phishing site. The takeaway is brutal: sender trust alone is dead if application content is not sanitized.
The popular elementary-data package was compromised through GitHub Actions script injection, which exposed a workflow token and let the attacker forge a signed release. Version 0.23.3 then shipped an infostealer targeting SSH keys, cloud credentials, CI secrets, wallet files, and developer environment data, with the same blast radius reaching container images.
Socket found 73 OpenVSX extensions tied to GlassWorm, with six already activated. The new trick is patience: publish something that looks harmless, wait for trust to build, then deliver the payload in a later update. That is a smarter and nastier version of the same ecosystem abuse defenders keep underestimating.
Bottom line: Today’s pattern is not exotic malware. It is ordinary trust being turned into transport. If a workflow, template, or marketplace looks routine, attackers already noticed.
KENSAI helps teams map exposed workflows, risky dependencies, and developer-surface blind spots before those trust paths turn into real incidents.
Start Free Scan →Stay sharp.
🗡️ KENSAI Security Team