Bleeping Computer

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
CSO Online

North Korean hackers abuse LNKs and GitHub repos in ongoing campaign

The multi-stage campaign targeting South Korea uses weaponized Windows shortcuts and GitHub-based command and control to ...
Global Times

China calls for keeping global critical mineral supply chains safe, stable, opposes ‘small-circle’ rules

China on Friday called on all parties to play a constructive role in safeguarding the stability and security of global critical minerals supply chains and expressed opposition to undermining the ...