The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.
The Hacker News

ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers

ClickFix campaigns spread MacSync macOS infostealer via malicious Terminal commands since Nov 2025, targeting AI tool users ...

Hacker says they compromised millions of confidential police tips held by US company

By Raphael Satter WASHINGTON, March 18 (Reuters) - A hacker says they have broken into a U.S. platform for searching law enforcement hotline messages and compromised more than 8 million confidential ...

PSA: Hackers can raid iOS 18 with an infected link

The ‘DarkSword’ attack technique can covertly steal messages, contacts, saved credentials, cryptocurrency wallets, and more ...

Researchers Uncover New Phishing Risk Hidden Inside Microsoft Copilot

Researchers reveal how Microsoft Copilot can be manipulated by prompt injection attacks to generate convincing phishing messages inside trusted AI summaries.