The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.

Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.

Powered by the TypesScript-native runtime Bun, Electrobun improves Electron with a smaller application footprint and built-in ...

AI coding tools and autonomous agents are generating more code, pulling in more dependencies, and interacting with open source at a scale humans have never seen before," said Dan Lorenc, CEO and ...

GhostClaw poses as an OpenClaw installer package, stealing system credentials and sensitive data before deploying a persistent RAT.

The infamous GlassWorm malware has infected dozens more Open VSX software packages, according to new research.

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

A massive, self-replicating GlassWorm supply-chain attack has compromised hundreds of code repositories and extensions on ...

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...

ConnectWise: Evolving with the threat landscape The 2026 MSP Threat Report underscores a critical reality: reactive security models are no longer sufficient. Defenders must move earlier in the attack ...