The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear, a group tracked by Microsoft as Void Blizzard.

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that evade standard code review.

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.

ClickFix campaigns spread MacSync macOS infostealer via malicious Terminal commands since Nov 2025, targeting AI tool users ...

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

DRILLAPP JavaScript backdoor targets Ukraine in Feb 2026, abusing Edge debugging features to spy via camera, microphone, and screen capture.

Recent social engineering schemes involving WordPress and Microsoft’s Windows Terminal show that this relatively basic tactic is a growing threat.

ClawSecure implemented 10/10 OWASP ASI Top 10 coverage before any competing platform, backed by real audit data from ...

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

A new malware strain dubbed Slopoly, likely created using generative AI tools, allowed a threat actor to remain on a compromised server for more than a week and steal data in an Interlock ransomware ...

Polyfill supply chain attack that hit more than 100,000 websites has now been linked to North Korean threat actors.