GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.
Bitcoin Magazine

Breez SDK Launches Passkey Login for Seedless Bitcoin Wallets

Breez SDK now supports Passkey Login, allowing developers to build self-custodial Bitcoin wallets without mandatory seed phrases using FIDO2 PRF extensions for deterministic key derivation.
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
Microsoft

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...
Computer Weekly

Identity and access management products

Critics and supporters of digital ID are honing their arguments for the government’s consultation – but it’s the public that will decide. How should you choose? Continue Reading ...