The Hacker News

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across developer systems.

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
CSO Online

North Korean fake IT worker tradecraft exposed

GitLab exposes abuse of its platform to trick software developers into downloading malicious payloads and finance companies ...
Cryptopolitan on MSN

Cybersecurity researchers uncover GhostLoader malware hidden in fake OpenClaw npm package

A malicious npm package disguised as a legitimate AI tool to install the virally popular OpenClaw, but designed to steal system passwords and crypto wallets, has been identified by cybersecurity ...
CSO Online

Devs looking for OpenClaw get served a GhostClaw RAT

GhostClaw poses as an OpenClaw installer package, stealing system credentials and sensitive data before deploying a persistent RAT.
GitHub

learn-nodejs-hard-way

You can access the current version of the book in the chapters directory or in PDF format (both Light and Dark modes are available) by clicking here. Note that this ...
GitHub

SeiJS is a monorepo that contains multiple NPM libraries for writing applications that interact with Sei.

SeiJS consists of smaller NPM packages within the @sei-js namespace. For more detailed documentation on each package, please refer to the table below.