The Glassworm botnet embedded GlasswormRAT in VSCode-compatible extensions, npm packages, PyPI packages, and GitHub repositories targeting software developers since early 2025. C2 infrastructure was severed May 26, 2026, but any developer machine infected prior to that date remains compromised and requires manual eradication. This is the week’s highest-priority item because a single infected developer workstation can propagate malicious code into production build pipelines, affecting downstream customers and partners.