The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a ...

The infamous GlassWorm malware has infected dozens more Open VSX software packages, according to new research.

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...

Developers are shifting toward artificial intelligence infrastructure as blockchain ecosystems lose contributors across major networks, from Ethereum to Solana.

UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft ...

An initiative within the JavaScript community is attempting to offer an alternative to the way developers view npm packages via the web. The project is ...

GitHub data suggests AI coding assistants are starting to influence which programming languages developers choose.

Barrel files are convenient, but they often come with trade-offs including: Performance and memory: they artificially inflate the module graph and slow down startup times, HMR, and CI pipelines.