GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

Microsoft Confirms SQL Zero-Day Security Vulnerability—Here’s The Fix

Microsoft has confirmed that a hacker who successfully exploits a zero-day SQL vulnerability could gain system administrator privileges. Here’s how to fix it.
InfoWorld

The revenge of SQL: How a 50-year-old language reinvents itself

From the browser to the back end, the ‘boring’ choice is exciting again. We look at three trends converging to bring SQL back ...
InfoQ

AI-Powered Bot Compromises GitHub Actions Workflows Across Microsoft, DataDog, and CNCF Projects

AI-powered bot hackerbot-claw exploited GitHub Actions workflows across Microsoft, DataDog, and CNCF projects over 7 days using 5 attack techniques. Bot achieved RCE in 5 of 7 targets, stole GitHub ...
Computer Weekly

Microsoft patches zero-days in .NET and SQL Server

Zero-days in .NET and SQL Server, and a handful of critical RCE bugs, form the nucleus of Microsoft's March Patch Tuesday update.
The Hacker News

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain attacks on developers.