The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

More fun than it should be, honestly.

GlassWorm attack uses stolen GitHub tokens to inject malware into Python repositories, exposing developers to supply chain ...

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

How can an extension change hands with no oversight?

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python ...

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.

ClickFix campaigns spread MacSync macOS infostealer via malicious Terminal commands since Nov 2025, targeting AI tool users ...

GlassWorm恶意软件活动正被用于推动一场持续攻击，该攻击利用窃取的GitHub令牌向数百个Python仓库注入恶意软件。

The phishing site it is not affiliated with Igloo Inc or Pudgy Penguins, but is designed to lure fans and steal their crypto ...

该攻击活动以OpenAI Atlas浏览器为诱饵，通过Google赞助搜索结果传播，将用户引导至虚假的Google Sites网址。该网址包含一个下载按钮，点击后会显示打开终端应用程序并粘贴命令的指令。这一操作会下载一个shell脚本，提示用户输入系统密码，并以用户级权限运行MacSync。