GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...
InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...

DEV.co Expands JavaScript Development Services with “Vibe-Based” AI-Assisted Engineering Model

New AI-assisted development approach reduces costs and accelerates delivery timelines for modern JavaScript applications ...
Visual Studio Magazine

TypeScript 6.0 Ships as Final JavaScript-Based Release, Clears Path for Go-Native 7.0

Microsoft released TypeScript 6.0 on March 23, the last version built on the original JavaScript codebase, with three post-RC changes and a wave of deprecations designed to ready codebases for the ...
Wired

Make the Most of Chrome's Toolbar by Customizing It to Your Liking

There are plenty of ways to customize Chrome to make it easier to navigate the web, manage your tasks, and make your workflow more efficient. The main job of Google Chrome is to give you a window to ...
CNET

An Electrician's Warning: Never Plug These Devices into Extension Cords

Corin Cesaric-Epple is a Flex Editor at CNET. She received her bachelor's degree in journalism from the University of Missouri-Columbia. Before joining CNET, she covered crime at People Magazine and ...
XDA Developers on MSN

Google kept featuring this Chrome extension for months after it turned malicious

How can an extension change hands with no oversight?
CNBC

5 Things to Know

5 Things to Know is CNBC's Morning Squawk newsletter, a before-the-bell briefing on the most important news, trends and analysis that investors need to start their trading day. Subscribe here to ...