GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
The Hacker News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...

Does the IRS owe you a COVID-19 refund? What NC taxpayers should know

Here's what to know about the possible payments, plus important tax deadlines, how to check refund statuses and more.

Voice of America staffers sue Kari Lake, accuse agency of censorship

Under Kari Lake, the storied VOA news agency has turned into a Trump administration mouthpiece, current and former employees ...

Glassworm Malware Campaign Uses Invisible Code To Infect Hundreds Of GitHub Repos

The GlassWorm malware made news when it pivoted from exclusively targeting Windows users to also targeting Mac OS users in January, and in the time since, the malware campaign has spread across at ...
TechJuice

GlassWorm Malware Silently Infects Hundreds of Python Projects

GlassWorm attack uses stolen GitHub tokens to inject malware into Python repositories, exposing developers to supply chain ...

Amazon security boss says crims abused max-security Cisco firewall flaw weeks before disclosure

Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as ...

"CanisterWorm" supply chain malware attacks npm

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...
Techzine Europe

GlassWorm malware surfaces in development environments

A large-scale GlassWorm malware campaign targeting developer platforms appears to be significantly more extensive and ...

DePaul gives athletic director DeWayne Peevy another contract extension

CHICAGO (AP) — DePaul has given athletic director DeWayne Peevy an extension that keeps him under contract through 2031.

My most useful Chrome extension was stealing my data for years

An extension I used almost every day was bought by a new owner and loaded up with spyware. It happened in 2024, but Google ...