JFrog has uncovered GhostClaw, a fake OpenClaw npm package that stole Keychain passwords, cloud credentials, and crypto wallets from 178 macOS developers.

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...

GhostClaw, a macOS infostealer, is spreading through GitHub repositories and developer tools, and it works because routine install habits make running malware feel completely normal.

Attackers impersonate OpenClaw on GitHub, luring developers with bogus CLAW giveaways that trick users into connecting crypto ...

The phishing campaign lures OpenClaw developers with fake $5,000 token airdrops, then drains wallets through a cloned site ...

The GlassWorm malware made news when it pivoted from exclusively targeting Windows users to also targeting Mac OS users in January, and in the time since, the malware campaign has spread across at ...

The use of AI agents has become increasingly popular among traders. However, SlowMist has shared findings on possible attack vectors, cautioning users to pump the brakes to protect themselves against ...

Hundreds of GitHub repositories seemingly offering “free game cheats” deliver malware, including the Vidar infostealer, ...

A massive, self-replicating GlassWorm supply-chain attack has compromised hundreds of code repositories and extensions on ...

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...