The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
Wired

You Can Now Install—and Update—Microsoft Store Apps Using the Command Line

I can't stand opening the Microsoft Store. It's slow to load, confusing to browse, and full of ads for things I don't care about. Luckily, thanks to a new feature, I don't have to open the Microsoft ...
PC Magazine

Phony Claude Code Install Guides Trick Vibe Coders Into Installing Malware

Would-be vibe coders looking to experiment with Claude Code are being targeted by malicious install guide websites that pop up in Google search results and install malware when executed. Dubbed ...
PC Magazine

Phony Claude Code Install Guides Trick Vibe Coders Into Installing Malware

Ideally, you'd avoid pasting URLs you find in guides (or anywhere), but it's not uncommon to see this when installing some tools online. Indeed, the legitimate Claude Code install site asks you to do ...