More OpenClaw security woes. Huntress researchers say bad actors convinced users to download a bogus installer for the AI personal assistant that deployed infostealers by hosting it in a malicious ...

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using ...

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...

Popular PHP repositories on GitHub help developers understand real project structure and coding practices.Frameworks, tools, ...

The phishing campaign lures OpenClaw developers with fake $5,000 token airdrops, then drains wallets through a cloned site ...

GNU Stow is a symlink manager. It takes files from an organized folder you control and links them to wherever your system ...

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since ...

Aqua Security is scrambling to recover from supply chain attacks that first compromised the vendor's Trivy vulnerability ...

The GlassWorm malware made news when it pivoted from exclusively targeting Windows users to also targeting Mac OS users in January, and in the time since, the malware campaign has spread across at ...

Attackers operated an active C2 implant for up to a week and compromised AppSec vendor Xygeni's xygeni/xygeni-action in that time.