Dark Reading

GlassWorm Malware Evolves to Hide in Dependencies

The infamous GlassWorm malware has infected dozens more Open VSX software packages, according to new research.
InfoQ

AWS Launches Managed Openclaw on Lightsail amid Critical Security Vulnerabilities

AWS launched managed OpenClaw on Lightsail for AI agent deployment while security concerns mount. The 250k-star GitHub project is affected by CVE-2026-25253, which enables one-click RCE, with 17,500+ ...

AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Cascade of A.I. Fakes About War With Iran Causes Chaos Online

“The use of A.I. images of places in the Gulf — being burnt or damaged — becomes more important in Iran’s playbook,” Mr. Jones said, “because it allows them to give a sense that this war is more ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
TMCnet

ThreatDown Uncovers First Cyber Attack Abusing Deno JavaScript Runtime for Fileless Malware Delivery

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be the first documented case of attackers abusing the Deno JavaScript runtime ...