GhostClaw turns GitHub habits into a macOS malware pipeline

GhostClaw, a macOS infostealer, is spreading through GitHub repositories and developer tools, and it works because routine ...
SecurityWeek

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing ...

Trivy supply-chain attack spreads to Docker, GitHub repos

The TeamPCP hackers behind the Trivy supply-chain attack continued to target Aqua Security, pushing malicious Docker images ...
Tom's Hardware on MSN

Invisible malicious code attacks 151 GitHub repos and VS Code

The technique exploits Unicode Private Use Area characters, which render as zero-width whitespace in virtually every code ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

Hackers exploit OpenClaw hype on GitHub to steal crypto funds

Crypto scammers are exploiting the rising visibility of OpenClaw to target developers through a coordinated phishing campaign ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python ...
VentureBeat

GitHub offers free private repositories for unlimited collaborators, cuts Team plan to $4 per month

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More GitHub is making private repositories free to use for an unlimited number ...
ZDNet

GitHub to give users of its free plan access to unlimited private repositories

This announcement comes courtesy of TheNextWeb.com, which admits it broke Microsoft's embargo on the news a day early. Microsoft will formally announce this change in strategy on January 8, according ...