The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
Infosecurity Magazine

Security Flaw in AWS Bedrock Code Interpreter Raises Alarms

Ram Varadarajan, CEO at Acalvio, said the findings illustrate a deeper architectural challenge. "AWS Bedrock's sandbox ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.
The Hacker News

ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers

ClickFix campaigns spread MacSync macOS infostealer via malicious Terminal commands since Nov 2025, targeting AI tool users ...

Shadow AI is everywhere. Here’s how to find and secure it.

Shadow AI is quietly spreading across SaaS environments as employees adopt new AI tools without IT oversight. Nudge Security explains how security teams can discover AI apps, monitor usage, and govern ...