I found 10k GitHub repositories distributing Trojan malware
A large-scale malware distribution campaign on GitHub has been identified, involving 10,000 repositories that distribute Trojan malware. These repositories originate from different contributors and share a common pattern, enabling the creation of a script to find them.
orchidfiles.com
8 min
1d ago
Arch Linux AUR Hit by Another Wave of Now More Sophisticated Malware Attack
Arch Linux AUR Hit By Another Wave Of Now More Sophisticated Malware Attack Just a day after Arch Linux developers believed they got their malware AUR incident under control with 1,500+ packages affected by malware, another round of of AUR malware is now being discovered. This latest round is more sophisticated as with code obfuscation to better conceal the intent. Last night another round of malw...
phoronix.com
2 min
5d ago
Malware developers added nuclear and biological weapons text to to their spyware
NEW: malware developers added nuclear & biological weapons text to to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order
twitter.com
1 min
6/11/2026
Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library
The PyPI package 'lightning', versions 2.6.2 and 2.6.3, was compromised in a supply chain attack, affecting users of the PyTorch Lightning AI training library. The malicious versions include a hidden _runtime directory containing obfuscated JavaScript that activates upon running pip install lightning.
semgrep.dev
6 min
4/30/2026
Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them
A supply chain attack compromised 30 WordPress plugins, including Countdown Timer Ultimate, after a trusted developer was acquired by a new owner. The WordPress.org Plugins Team issued a security notice regarding the malicious backdoor found in these plugins.
anchor.host
7 min
4/13/2026
Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Repositories
Glassworm malware has re-emerged, compromising over 150 GitHub repositories, npm, and VS Code through the use of hidden Unicode characters. This resurgence follows previous activity traced back to the same threat actor, highlighting ongoing vulnerabilities in these platforms.
aikido.dev
4 min
3/15/2026
The #1 most downloaded skill on OpenClaw marketplace was malware
The most downloaded skill on the OpenClaw marketplace was identified as malware, which stole SSH keys, crypto wallets, and browser cookies while establishing a reverse shell to the attacker's server. A total of 1,184 malicious skills were found, with one attacker responsible for uploading 677 packages, exploiting the platform's open publishing policy that allowed anyone with a week-old GitHub account to submit skills.
twitter.com
1 min
2/19/2026
I found 10k GitHub repositories distributing Trojan malware
A large-scale malware distribution campaign on GitHub has been identified, involving 10,000 repositories that distribute Trojan malware. These repositories originate from different contributors and share a common pattern, enabling the creation of a script to find them.
orchidfiles.com
8 min
1d ago
Malware developers added nuclear and biological weapons text to to their spyware
NEW: malware developers added nuclear & biological weapons text to to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order
twitter.com
1 min
6/11/2026
Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them
A supply chain attack compromised 30 WordPress plugins, including Countdown Timer Ultimate, after a trusted developer was acquired by a new owner. The WordPress.org Plugins Team issued a security notice regarding the malicious backdoor found in these plugins.
anchor.host
7 min
4/13/2026
The #1 most downloaded skill on OpenClaw marketplace was malware
The most downloaded skill on the OpenClaw marketplace was identified as malware, which stole SSH keys, crypto wallets, and browser cookies while establishing a reverse shell to the attacker's server. A total of 1,184 malicious skills were found, with one attacker responsible for uploading 677 packages, exploiting the platform's open publishing policy that allowed anyone with a week-old GitHub account to submit skills.
twitter.com
1 min
2/19/2026
Arch Linux AUR Hit by Another Wave of Now More Sophisticated Malware Attack
Arch Linux AUR Hit By Another Wave Of Now More Sophisticated Malware Attack Just a day after Arch Linux developers believed they got their malware AUR incident under control with 1,500+ packages affected by malware, another round of of AUR malware is now being discovered. This latest round is more sophisticated as with code obfuscation to better conceal the intent. Last night another round of malw...
phoronix.com
2 min
5d ago
Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library
The PyPI package 'lightning', versions 2.6.2 and 2.6.3, was compromised in a supply chain attack, affecting users of the PyTorch Lightning AI training library. The malicious versions include a hidden _runtime directory containing obfuscated JavaScript that activates upon running pip install lightning.
semgrep.dev
6 min
4/30/2026
Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Repositories
Glassworm malware has re-emerged, compromising over 150 GitHub repositories, npm, and VS Code through the use of hidden Unicode characters. This resurgence follows previous activity traced back to the same threat actor, highlighting ongoing vulnerabilities in these platforms.
aikido.dev
4 min
3/15/2026
I found 10k GitHub repositories distributing Trojan malware
A large-scale malware distribution campaign on GitHub has been identified, involving 10,000 repositories that distribute Trojan malware. These repositories originate from different contributors and share a common pattern, enabling the creation of a script to find them.
orchidfiles.com
8 min
1d ago
Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library
The PyPI package 'lightning', versions 2.6.2 and 2.6.3, was compromised in a supply chain attack, affecting users of the PyTorch Lightning AI training library. The malicious versions include a hidden _runtime directory containing obfuscated JavaScript that activates upon running pip install lightning.
semgrep.dev
6 min
4/30/2026
The #1 most downloaded skill on OpenClaw marketplace was malware
The most downloaded skill on the OpenClaw marketplace was identified as malware, which stole SSH keys, crypto wallets, and browser cookies while establishing a reverse shell to the attacker's server. A total of 1,184 malicious skills were found, with one attacker responsible for uploading 677 packages, exploiting the platform's open publishing policy that allowed anyone with a week-old GitHub account to submit skills.
twitter.com
1 min
2/19/2026
Arch Linux AUR Hit by Another Wave of Now More Sophisticated Malware Attack
Arch Linux AUR Hit By Another Wave Of Now More Sophisticated Malware Attack Just a day after Arch Linux developers believed they got their malware AUR incident under control with 1,500+ packages affected by malware, another round of of AUR malware is now being discovered. This latest round is more sophisticated as with code obfuscation to better conceal the intent. Last night another round of malw...
phoronix.com
2 min
5d ago
Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them
A supply chain attack compromised 30 WordPress plugins, including Countdown Timer Ultimate, after a trusted developer was acquired by a new owner. The WordPress.org Plugins Team issued a security notice regarding the malicious backdoor found in these plugins.
anchor.host
7 min
4/13/2026
Malware developers added nuclear and biological weapons text to to their spyware
NEW: malware developers added nuclear & biological weapons text to to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order
twitter.com
1 min
6/11/2026
Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Repositories
Glassworm malware has re-emerged, compromising over 150 GitHub repositories, npm, and VS Code through the use of hidden Unicode characters. This resurgence follows previous activity traced back to the same threat actor, highlighting ongoing vulnerabilities in these platforms.
aikido.dev
4 min
3/15/2026
No more articles to load