GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
The Hacker News

Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS

Apple fixes WebKit CVE-2026-20643 in iOS 26.3.1, macOS 26.3.2 using background patches, reducing exploit risk.
The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at ...