GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

Betterleaks, a new open-source secrets scanner to replace Gitleaks

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using ...

New open-source app turns GitHub into a mobile and PC app store

GitHub is a vast labyrinth of amazing open-source software projects, and it can be hard to see some of the awesomeness within ...
The Hacker News

CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths

CISA adds Wing FTP CVE-2025-47813 to KEV after active exploitation, exposing server paths and aiding attacks; patch by March ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...
CSO Online

Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

The financially motivated group has been active since May 2025, impersonating Fortinet, Ivanti, Cisco, and other vendors to ...