GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
Dark Reading

GlassWorm Malware Evolves to Hide in Dependencies

The infamous GlassWorm malware has infected dozens more Open VSX software packages, according to new research.
TechJuice

GlassWorm Malware Silently Infects Hundreds of Python Projects

GlassWorm attack uses stolen GitHub tokens to inject malware into Python repositories, exposing developers to supply chain ...

Oracle releases Java26, with new Java Verified Portfolio

At the JavaOne conference today, Oracle made a series of announcements related to a new Java Verified Portfolio (JVP) and new JDK Enhancement Proposals (JEPs).
腾讯网

GlassWorm攻击利用窃取的GitHub令牌向Python仓库强制推送恶意软件

GlassWorm恶意软件活动正被用于推动一场持续攻击,该攻击利用窃取的GitHub令牌向数百个Python仓库注入恶意软件。
Techzine Europe

GlassWorm malware surfaces in development environments

A large-scale GlassWorm malware campaign targeting developer platforms appears to be significantly more extensive and ...
NPR

Code Switch

What's CODE SWITCH? It's the fearless conversations about race that you've been waiting for. Hosted by journalists of color, our podcast tackles the subject of race with empathy and humor. We explore ...