Dark Reading

GlassWorm Malware Evolves to Hide in Dependencies

The infamous GlassWorm malware has infected dozens more Open VSX software packages, according to new research.
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.

Vite team boasts 10-30x faster builds with Rust-powered Rolldown

Native code build tools now dominate for TypeScript or JavaScript projects Vite 8.0 has been released, and it uses Rust-built ...
WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that evade standard code review.
Pure Xbox

With Project Helix On The Horizon, Xbox Is Now Letting You Add Games Manually On PC

We've heard a lot this month about Xbox's new Project Helix console and how it'll support both console and PC games, and the belief is that it'll work similarly to how the ROG Xbox Ally handheld ...
CSO Online

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

Why Did Trump Officials Award $2 Million to a Small Art School in Queens?

The National Endowment for the Humanities seldom gave seven-figure grants. Now big awards flow to handpicked projects, including an institution with three full-time employees.

The Verdict: The power of new MLS stadiums in the most in-need major markets

New stadiums are coming to New York, Chicago, Miami and, potentially, New England. What could that mean for MLS?