The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

Two incidents from the last two weeks of February need to be read together, because separately they look like cautionary anecdotes and together they look ...

IOTA launched a Get Started hub with paths for users, developers, and builders, combining onboarding tools, wallets, docs, ...

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

The GlassWorm malware made news when it pivoted from exclusively targeting Windows users to also targeting Mac OS users in January, and in the time since, the malware campaign has spread across at ...

No credit card needed.

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...

GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain attacks on developers.

AI-powered bot hackerbot-claw exploited GitHub Actions workflows across Microsoft, DataDog, and CNCF projects over 7 days using 5 attack techniques. Bot achieved RCE in 5 of 7 targets, stole GitHub ...