OpenAI is mandating macOS users update ChatGPT Desktop and other apps by May 8, 2026, due to a compromised JavaScript library ...

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has ...

VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.

GlassWorm, a known malware, has put 73 harmful extensions into OpenVSX's registry. Hackers use it to steal developers' crypto ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

UNC6692 relies on email bombing and social engineering to infect victims with Snow malware: Snowbelt, Snowglaze, and ...

Daniel Roe and over 250 contributors. It emphasizes speed and features absent in the official npmjs.com interface, such as ...

Kindly share this postAccording to Kaspersky telemetry, almost 19,500 malicious packages were found in open-source projects ...

A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious ...

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...

LofyGang resurfaces with LofyStealer disguised as Minecraft hack, exfiltrating IBANs and passwords to 24.152.36[.]241, ...