https://invaders.ie/resources/blog/supply-chain-security/glassworm-openvsx-sleeper-extensions-malware-delivery Invaders Security en 2026-04-28T08:06:19.898Z GlassWorm sleeper extensions turn Open VSX updates into a malware delivery path GlassWorm Open VSX sleeper extensions, OpenVSX malicious extension update, developer supply chain malware, VSIX payload delivery, GitHub hosted extension malware, developer secrets theft https://invaders.ie/resources/blog/vulnerability/cve-2026-33032-nginx-ui-mcp-server-takeover Invaders Security en 2026-04-27T08:03:32.709Z CVE-2026-33032 lets attackers take over exposed nginx-ui servers CVE-2026-33032, nginx-ui vulnerability, MCP auth bypass, nginx server takeover, reverse proxy security, active exploitation