GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

Oracle unveils Project Detroit for faster Java interop with JavaScript and Python

JavaOne Oracle has shipped Java 26, a short-term release, and introduced Project Detroit, which promises faster interop between Java, JavaScript, and Python. Java 26 will be supported for just six ...

LeakNet ransomware uses ClickFix and Deno runtime for stealthy attacks

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a ...

Chainguard Launches the First Unified Repository for Secure-by-Default Open Source Artifacts

Chainguard, the trusted source for open source, today announced Chainguard Repository, a single Chainguard-managed experience for pulling secure-by-default open source containers, dependencies, OS ...

Vite team boasts 10-30x faster builds with Rust-powered Rolldown

The Vite team claims that Rolldown is "10-30x faster than Rollup," and matches the performance of esbuild, which is also ...

New “vibe coded” AI translation tool splits the video game preservation community

A day after that project went public, though, Hubbard was issuing an apology to many members of the Gaming Alexandria’s ...

TuxCare to Showcase Extended Lifecycle Support for Open-Source Software at RSA Conference 2026

PALO ALTO, CA, UNITED STATES, March 16, 2026 /EINPresswire.com/ -- TuxCare, a global innovator in securing open source, ...
InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...
InfoWorld

Microsoft accelerates pace of VS Code development

Microsoft is speeding up the delivery of its Visual Studio Code updates. Since last summer, the company has been making ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...
The Hacker News

Investigating a New Click-Fix Variant

New ClickFix variant maps WebDAV drive to run trojanized WorkFlowy app, enabling stealth C2 beacon and payload delivery.

A.I. Writes Buggy Code. A Silicon Valley Start-Up Wants to Fix It.

These start-ups, including Axiom Math and Harmonic, both in Palo Alto, Calif., and Logical Intelligence in San Francisco, ...