GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
The Hacker News

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor ...

Trivy supply-chain attack spreads to Docker, GitHub repos

The TeamPCP hackers behind the Trivy supply-chain attack continued to target Aqua Security, pushing malicious Docker images ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...

TeamPCP hackers deface Aqua Security's internal GitHub

Aqua Security is scrambling to recover from supply chain attacks that first compromised the vendor's Trivy vulnerability ...

Kusari Brings Enterprise-Grade AI Code Review & Dependency Management to CNCF and OpenSSF Communities

Kusari Inspector is now free to CNCF and OpenSSF projects, delivering AI-powered dependency, license and security ...
CoinDesk

OpenClaw developers targeted in GitHub phishing scam offering fake token airdrops

Attackers impersonate OpenClaw on GitHub, luring developers with bogus CLAW giveaways that trick users into connecting crypto ...
RCR Wireless News

Department of War takes aim at closed RAN stacks with open source

Ecosystem Foundation challenges RAN gatekeeping that has been stalling the open RAN movement. Opinions on open RAN (Radio ...

Why Garry Tan’s Claude Code setup has gotten so much love, and hate

Thousands of people are trying Garry Tan's Claude Code setup, which was shared on Github. And everyone has an opinion: even ...

Fake AI Developer Tools Are Distributing Amatera and AMOS Malware

Hackers are using malvertising campaigns to disguise infostealers as AI tools.
diginomica

Open source maintainers are drowning in AI-generated security noise - $12.5 million is being deployed to throw them a lifeline

AI is burying open source maintainers under a flood of automated security reports they don't have the time or tools to ...