{
  "title": "GlassWASM: Trojanized Open VSX Extensions Used TinyGo WebAssembly and Solana Memo C2",
  "summary": "Socket says two trojanized Open VSX extensions delivered a TinyGo-compiled WebAssembly loader that read Solana memo data to resolve `dodod[.]lat`, then built OS-specific download-and-execute commands for developer endpoints.",
  "date": "2026-06-20",
  "severity": "high",
  "tags": [
    "open-vsx",
    "vscode-extensions",
    "supply-chain",
    "wasm",
    "solana",
    "developer-endpoints"
  ],
  "sources_count": 3,
  "indicators": {
    "slug": "glasswasm-open-vsx-extensions",
    "since": "2026-06-20T00:00:00Z",
    "until": "2026-06-20T23:59:59Z",
    "ecosystem": "",
    "cves": [],
    "cwes": [],
    "advisoryIds": [],
    "products": [],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [],
    "urls": [],
    "ips": [],
    "hashes": [
      "558b4f1d9a263c13756ab0126c09dd080c85ba405b29488e1c4e6aa68b554f1f",
      "3aa31999398e7f80231c03d7137ffdb554a84b83dbcffc59ce16c9a65f9e5d58",
      "1e283327ad048bea39f4a8501770858a20f3555e87fe3e202274f2e87f8a3c25"
    ],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}