The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.

Chainguard is expanding beyond open-source security to protect open-core software, AI agent skills, and GitHub Actions.

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

The GlassWorm malware made news when it pivoted from exclusively targeting Windows users to also targeting Mac OS users in January, and in the time since, the malware campaign has spread across at ...

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules.

The phishing campaign lures OpenClaw developers with fake $5,000 token airdrops, then drains wallets through a cloned site ...

Attackers impersonate OpenClaw on GitHub, luring developers with bogus CLAW giveaways that trick users into connecting crypto wallets and exposing funds to malicious drains.

Cortex 3.0 delivers AI-powered code generation, vulnerability scanning, Enterprise AI & DevSecOps integrations, ...

This is according to GitGuardian’s latest report, the “State of Secrets Sprawl” paper that was just released. In the research ...

Microsoft’s geospatial data service is designed to help research projects using public satellite and sensor information.