GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
The Hacker News

The Curated Catalog: The Biggest Defense Against Shai-Hulud 3.0

Shai-Hulud 2.0 exploited CI/CD pipelines in 2025, exposing shift-left flaws and driving curated catalogs to reduce CVE risk by 99%.