If you find a security vulnerability in glassworm-hunter, please report it responsibly.

Email: afine@afine.com

Please include:

• Description of the vulnerability
• Steps to reproduce
• Impact assessment (if possible)

If you discover new GlassWorm indicators of compromise (malicious extensions, npm packages, C2 IPs, wallet addresses), please submit them via:

1. GitHub Issue - open an issue with the new-ioc label
2. Email - afine@afine.com

Include as much context as possible: source URL, discovery date, wave attribution if known.

This policy covers the glassworm-hunter codebase and its IoC database. It does not cover the GlassWorm malware itself - for active incident response, contact your organization's security team.