InfoWorld

FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...
The Hacker News

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

CrowdStrike and Google shut down glassworm malware network targeting software developers

CrowdStrike, alongside Google and the Shadowserver Foundation, has disrupted the Glassworm botnet used to spread malware ...

Coordinated operation takes down Glassworm botnet

The Glassworm botnet, a global operation targeting software developers through the open-source supply chain, was disrupted ...
Infosecurity Magazine

CrowdStrike, Google Take Down Glassworm Botnet

An industry effort involving CrowdStrike, Google and the Shadowserver Foundation has led to the disruption of the Glassworm ...
SecurityWeek

GlassWorm Botnet Disrupted

The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

Google AI Studio Cheat Sheet: Features, Pricing, and More

Google AI Studio lets users test Gemini models, build apps, generate media, and export code. Here’s what it does, costs, and ...

What AI coding benchmarks still miss about software quality

Most AI coding benchmarks still ask the question: did the agent produce code that passes the current tests? This is a useful ...