The Glassworm botnet targeted software developers via malicious IDE extensions for Cursor, Positron, Windsurf, and VSCodium, compromised GitHub repositories, and trojanized npm and Python packages. The C2 infrastructure was taken down by CrowdStrike, Google, and Shadowserver, but residual infections and copycat packages remain a live risk for developer environments and CI/CD pipelines.