Distributed through over 100 GitHub repositories, the BoryptGrab stealer targets browser, wallet, system, and other user data ...

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

More OpenClaw security woes. Huntress researchers say bad actors convinced users to download a bogus installer for the AI personal assistant that deployed infostealers by hosting it in a malicious ...

The phishing campaign lures OpenClaw developers with fake $5,000 token airdrops, then drains wallets through a cloned site ...

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules.

The GlassWorm malware made news when it pivoted from exclusively targeting Windows users to also targeting Mac OS users in January, and in the time since, the malware campaign has spread across at ...

Five malicious Rust crates and an AI bot exploited CI/CD pipelines and GitHub Actions in Feb 2026, stealing developer secrets ...

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...

Attackers operated an active C2 implant for up to a week and compromised AppSec vendor Xygeni's xygeni/xygeni-action in that time.

Popular PHP repositories on GitHub help developers understand real project structure and coding practices.Frameworks, tools, ...

This is according to GitGuardian’s latest report, the “State of Secrets Sprawl” paper that was just released. In the research ...