GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...

AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.
Redmondmag.com

GitHub Abuse Emerges in Twin Social Engineering Campaigns Spotted by Fortra, Trend Micro

Security researchers are tracking two separate GitHub-related threat campaigns that use the platform's infrastructure in different ways -- one to deliver vishing lures through legitimate GitHub ...
WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...
SB Nation

Tips for using the comments

• Your comment history now lives under the My Profile tab above this message. You can also select ‘auto-unfurl all gifs/images’ there • Switch to Oldest First / Most Rec’d First by changing the ‘Sort ...
CNET

Everything You Need to Know About Making Apple Intelligence Work for You

Jeff Carlson writes about mobile technology for CNET. He is also the author of dozens of how-to books covering a wide spectrum ranging from Apple devices and cameras to photo editing software and ...