The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.

A new malware strain dubbed Slopoly, likely created using generative AI tools, allowed a threat actor to remain on a compromised server for more than a week and steal data in an Interlock ransomware ...

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...

Researchers at Endor Labs uncovered 88 new packages tied to new waves of the campaign, which uses remote dynamic dependencies to deliver credential-stealing malware.

A malvertising campaign has spread fake Claude Code install pages through Google Ads, delivering the Amatera infostealer to ...

Has AI coding reached a tipping point? That seems to be the case for Spotify at least, which shared this week during its fourth-quarter earnings call that the best developers at the company “have not ...

Here’s a little something that maybe you or someone you know might need to hear today. Just because something terrible happens, it doesn’t’ mean that you have to stop moving forward. You just need to ...

Microsoft has warned that information-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted ...