The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

Researchers at Endor Labs uncovered 88 new packages tied to new waves of the campaign, which uses remote dynamic dependencies ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...

Chainguard, the trusted source for open source, today announced Chainguard Repository, a single Chainguard-managed experience for pulling secure-by-default open source containers, dependencies, OS ...

Discover why Go's simplicity, built-in tools, and clear structure might take a strong starting point compared to JavaScript.

GitLab exposes abuse of its platform to trick software developers into downloading malicious payloads and finance companies ...

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python ...

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

The infamous GlassWorm malware has infected dozens more Open VSX software packages, according to new research.

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...

A large-scale GlassWorm malware campaign targeting developer platforms appears to be significantly more extensive and ...