The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python ...
InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

Cloud attacks are getting faster and deadlier - here's your best defense plan

Cloud attacks are getting faster and deadlier - here's your best defense plan ...
Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

Google: Cloud attacks exploit flaws more than weak credentials

Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud ...
The Hacker News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.
TechCrunch

Inside the story of the US defense contractor who leaked hacking tools to Russia

A veteran cybersecurity executive who prosecutors said “betrayed” the United States will spend at least the next seven years behind bars, after pleading guilty to stealing and selling hacking and ...
completemusicupdate

Merlin CEO Jeremy Sirota said “independent music is not raw material for tech companies to exploit without consent” before quitting to join AI music scraper-in-chief Suno

No more TED talks, daddy! Ex-Merlin CEO Jeremy Sirota has moved to the dark side and joined one of the very companies he railed against. Having defended Merlin members against the predations of big ...

AI helps novice threat actor compromise FortiGate devices in dozens of countries

Generative AI tools analyzed target networks and wrote exploit code, enabling an opportunistic attacker to have an outsized ...
CSOonline

Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon

The report warns CSOs that while AI is helping unsophisticated threat actors, failure to implement cybersecurity basics is fatal regardless of the attacker's skill. A Russian-speaking threat actor is ...