GlassWorm evolves with Zig dropper to infect multiple developer tools

The GlassWorm campaign has evolved to use a Zig-compiled dropper hidden within a fake IDE extension to infect multiple developer tools, including VS Code, Cursor, and VSCodium. This sophisticated attack chain allows threat actors to stealthily compromise developer environments at scale by installing a second-stage dropper that steals data and deploys a persistent RAT.