GlassWorm is a campaign cluster deploying malicious extensions that hide payloads inside software dependency chains rather than within the extensions themselves, bypassing static analysis and surface-level code review (CWE-829, CWE-494; MITRE T1195.001, T1554); no specific package ecosystems, registries, or vendors have been confirmed in available source data, and confidence in ecosystem specifics is low. Organizations should audit recently added extensions in developer toolchains and CI/CD pipelines, run software composition analysis (SCA) tooling capable of deep dependency graph inspection, and compare installed dependency trees against pinned lock files for unexplained additions or substitutions. Enforce dependency pinning, lock file integrity checks, and package signing verification as long-term pipeline controls.
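The lock file comparison recommended above, as an added example (not code from any GlassWorm report or vendor tooling): because no ecosystem has been confirmed, the lock file and installed tree are modelled in a constructed, ecosystem-agnostic shape (package name mapped to a pinned version and integrity hash), and all package names and hashes below are made up.

```python
"""Compare an installed dependency tree against a pinned lock file.

Added example; records use a constructed, ecosystem-agnostic shape
(name -> {"version", "integrity"}) rather than any real lock file format.
"""
from typing import Dict, List

Record = Dict[str, Dict[str, str]]

# Constructed sample lock file: the reviewed, pinned state of the project.
LOCKFILE: Record = {
    "example-logger": {"version": "1.3.0", "integrity": "sha512-AAA"},
    "example-color": {"version": "2.0.1", "integrity": "sha512-BBB"},
    "example-yaml": {"version": "4.1.0", "integrity": "sha512-CCC"},
}

# Constructed sample of what is actually installed in the build environment.
INSTALLED: Record = {
    "example-logger": {"version": "1.3.0", "integrity": "sha512-AAA"},
    "example-color": {"version": "2.0.1", "integrity": "sha512-ZZZ"},  # pinned version, different content
    "example-yaml": {"version": "4.1.1", "integrity": "sha512-DDD"},  # version drifted from the pin
    "example-telemetry": {"version": "0.0.3", "integrity": "sha512-EEE"},  # never pinned at all
}


def diff_tree(lock: Record, installed: Record) -> Dict[str, List[str]]:
    """Return unexplained additions, substitutions and missing packages.

    'added': present in the tree but absent from the lock file.
    'substituted': pinned, but resolved to another version or to different
    content (integrity hash mismatch) at the pinned version.
    'missing': pinned but not installed, which also warrants a look.
    """
    findings: Dict[str, List[str]] = {"added": [], "substituted": [], "missing": []}
    for name, meta in sorted(installed.items()):
        pinned = lock.get(name)
        if pinned is None:
            findings["added"].append(f"{name}@{meta['version']}")
        elif pinned["version"] != meta["version"]:
            findings["substituted"].append(f"{name}: version {pinned['version']} -> {meta['version']}")
        elif pinned["integrity"] != meta["integrity"]:
            findings["substituted"].append(f"{name}: integrity mismatch at pinned version {meta['version']}")
    findings["missing"].extend(sorted(set(lock) - set(installed)))
    return findings


def is_clean(findings: Dict[str, List[str]]) -> bool:
    """True when the installed tree matches the lock file exactly."""
    return not any(findings.values())


if __name__ == "__main__":
    result = diff_tree(LOCKFILE, INSTALLED)
    for kind, items in result.items():
        for item in items:
            print(f"[{kind}] {item}")
    raise SystemExit(0 if is_clean(result) else 1)
```

Run as a CI step after dependency installation, a non-zero exit blocks the build until the addition or substitution is explained and the lock file is updated through review.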