The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at runtime.

Xint Code Demonstrates Human-like Discovery and Prioritization of Business Logic Vulnerabilities, Analyzing Millions of Code Lines in Just Hours

Theori, a leader in offensive security research, today announced the commercial availability of Xint Code, the first completely LLM-native Static Application Security Testing (SAST) tool capable of ...

Chrome emergency update: Two attacked code-injection vulnerabilities patched

Google released an emergency update for Chrome on Friday night. It patches two security vulnerabilities that were attacked on the internet.

Researchers found a way to steal data from Claude.ai using Google Ads

A legitimate Google ad could lead to data exfiltration through a chain of Claude flaws.
CSOonline

That cheap KVM device could expose your network to remote compromise

Vulnerabilities found in low-cost KVM devices can give attackers the equivalent of physical access to everything they connect to. Researchers have found nine vulnerabilities in four popular low-cost ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
TMCnet

Former CrowdStrike Leaders Introduce Bltz AI, the Agentic Defensive Security Platform for Safe AI Adoption

Bltz AI introduces a new category of self-healing, agentic AI security that automatically prevents and fixes risks in real time, transforming AI security from reactive detection into a continuous, ...

VALLOUREC SECURES A CARBON STORAGE CONTRACT WITH BP BERAU LTD. FOR THE FIRST OFFSHORE INJECTION WELLS IN PAPUA, INDONESIA

VALLOUREC SECURES A CARBON STORAGE CONTRACT WITH BP BERAU LTD. FOR THE FIRST OFFSHORE INJECTION WELLS IN PAPUA, INDONESIA Meudon (France), on March 18, 2026 – Vallourec, a world leader in premium ...

Chainguard Launches the First Unified Repository for Secure-by-Default Open Source Artifacts

Chainguard, the trusted source for open source, today announced Chainguard Repository, a single Chainguard-managed experience for pulling secure-by-default open source containers, dependencies, OS ...