Dark Reading

GlassWorm Returns, Slices Back into VS Code Extensions

GlassWorm, a self-propagating VS Code malware first found in the Open VSX marketplace, continues to infect developer devices ...
InfoWorld

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...