GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
Hackaday

This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...
GitHub

[MLIR] VSCode plugin has outdated minimatch dependency causing security alerts

Automated security scanning tools are reporting that this version of minimatch was vulnerable to CVE-2026-27903 and CVE-2026-27904. (In my case, MSVC uses llvm-project as a submodule for ASan and ...
blockchain

GitHub Copilot VS Code v1.110 Brings Agentic Browser Tools and Plugin System

GitHub's latest VS Code update introduces agent plugins, browser automation tools, and shared memory across Copilot products for complex coding workflows. GitHub shipped Visual Studio Code v1.110 on ...
GitHub

opencode-plugin

OpenCode port of Flow-Next: plan-first workflows, Ralph autonomous mode (overnight coding with fresh context), multi-model review gates via Codex, re-anchoring to prevent drift, receipt-based gating.