The Hacker News

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency ...
InfoWorld

New ‘StoatWaffle’ malware auto‑executes attacks on developers

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, ...
WinBuzzer

Trivy Breached Twice in a Month via GitHub Actions

Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing ...
thearabianpost

Microsoft flags malicious Next.js developer traps

Microsoft has warned that threat actors are exploiting seemingly legitimate Next. js repositories to compromise software developers, embedding staged backdoors inside projects that mimic technical ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
IEEE

MTSecurity: Privacy-Preserving Malicious Traffic Classification Using Graph Neural Network and Transformer

Abstract: Encrypting network traffic is an effective means of safeguarding user privacy and sensitive information. However, it also introduces potential vulnerabilities that can be exploited by ...
IEEE

FedGT: Identification of Malicious Clients in Federated Learning With Secure Aggregation

Abstract: Federated learning (FL) has emerged as a promising approach for collaboratively training machine learning models while preserving data privacy. Due to its decentralized nature, FL is ...
theregister

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

Next.js developers are once again in the crosshairs as hackers seed malicious repositories disguised as legitimate projects, according to Microsoft, which said a limited set of those repos were ...