GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.

The Age of Eerie A.I. Political Ads Is Here

The A.I. era of campaign advertising seems to be upon us — and it’s a pretty fast-moving and complex situation. Fortunately, ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
The Poynter Institute for Media Studies

Fake images from the Iran war are spreading online. Here’s how to spot them

Old videos, AI-generated imagery and misleading captions are circulating widely on social media as the conflict unfolds ...
The Hacker News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.
Bleeping Computer

Fake Google Security site uses PWA app to steal credentials, MFA codes

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker ...
The Nation Newspaper

Alleged plot to poison Tinubu fake, says Presidency

A viral report alleging that a kitchen staff member at the State House had been arrested over a purported attempt to poison President Bola Ahmed Tinubu is fake, the presidency declared yesterday. In a ...
The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish ...
CBS News

Hegseth demands full military access to Anthropic's AI model Claude and sets deadline for end of week

Trust is breaking down between the Pentagon and Anthropic over the use of its AI model, sources familiar with the situation told CBS News. In a meeting at the Pentagon on Tuesday morning, Defense ...