The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.

New open-source app turns GitHub into a mobile and PC app store

GitHub is a vast labyrinth of amazing open-source software projects, and it can be hard to see some of the awesomeness within ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
Decrypt

OpenClaw Developers Lured in GitHub Phishing Campaign Targeting Crypto Wallets

The phishing campaign lures OpenClaw developers with fake $5,000 token airdrops, then drains wallets through a cloned site ...

As OpenClaw enthusiasm grips China, schoolkids and retirees alike raise 'lobsters'

By Laurie Chen and Eduardo Baptista BEIJING, March 19 (Reuters) - Fan Xinquan, a retired electronics worker in Beijing, has ...