GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

ActiveState Launches Curated Catalogs to Neutralize Security Risks in AI-Generated Code

ActiveState, a global leader in trusted, managed open source software, today announced the launch of the ActiveState Curated Catalog. This new offering provides organizations with a private, secure ...
TechJuice

GlassWorm Malware Silently Infects Hundreds of Python Projects

GlassWorm attack uses stolen GitHub tokens to inject malware into Python repositories, exposing developers to supply chain risks.
9to5Google

Your favorite image-saving Chrome extension was scraping your data for cash

Seemingly out of nowhere, the “Save image as Type” Chrome extension was marked for removal, with Google warning users ...
Microsoft

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...

Ohio's most prolific child porn downloader volunteered at church, school

Andrew Brown's IP address was flagged as being the most active in Ohio for downloading child pornography, court records say.
Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...
InfoWorld

First look: Electrobun for TypeScript-powered desktop apps

Powered by the TypesScript-native runtime Bun, Electrobun improves Electron with a smaller application footprint and built-in ...

Fake job applications pack malware that kills EDR before stealing data

A Russian-speaking cyber criminal is targeting corporate HR teams with fake CVs that quietly install malware which can disable security tools before stealing data from infected machines. The operation ...
XDA Developers on MSN

I automated my downloads folder with one script, and it hasn't needed attention since

One simple Python script transformed my chaotic downloads folder into a well-organized haven, eliminating the need for manual ...
InfoQ

New Research Reassesses the Value of AGENTS.md Files for AI Coding

Despite widespread industry recommendations, a new ETH Zurich paper concludes that AGENTS.md files may often hinder AI coding agents. The researchers recommend omitting LLM-generated context files ...