GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
Infosecurity Magazine

Security Flaw in AWS Bedrock Code Interpreter Raises Alarms

A method for exfiltrating sensitive data from AI-powered code execution environments using domain name system (DNS) queries ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python ...