Dark Reading

GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead

An AI-assisted campaign is spreading more than 300 poisoned packages for diverse assets ranging from developer tools to game ...

GhostClaw turns GitHub habits into a macOS malware pipeline

GhostClaw, a macOS infostealer, is spreading through GitHub repositories and developer tools, and it works because routine ...
The Hacker News

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor ...

Pervaziv AI Releases AI Code Review 2.0 GitHub Action for Repository-Wide Security Scanning and AI-Powered Remediation

New release integrates automated security scanning, AI-powered remediation, and GitHub-native workflows for enterprise ...

GitHub says it will employ user data to train its AI after all

Your data will be used to train GitHub's AI ...
Hackaday

This Week In Security: Second Verse, Worse Than The First

Isn’t there some claim events come in threes? After the extremely rare leak of the iOS Coruna exploit chain recently, now we have details from Google on a second significant exploit in the ...
Decrypt

OpenClaw Developers Lured in GitHub Phishing Campaign Targeting Crypto Wallets

The phishing campaign lures OpenClaw developers with fake $5,000 token airdrops, then drains wallets through a cloned site ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python ...
InfoWorld

OpenAI adds plugin system to Codex to help enterprises govern AI coding agents

The move lets IT administrators standardize and distribute agent behaviors across engineering teams, but OpenAI’s third-party ...

Hackers exploit OpenClaw hype on GitHub to steal crypto funds

Crypto scammers are exploiting the rising visibility of OpenClaw to target developers through a coordinated phishing campaign ...

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...

When Credential Theft Becomes Organized Crime

The 2025 attacks demonstrated that credential theft has matured into an industry. In 2026, will enterprise defenses mature to ...