SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.

Your iPhone could be hacked in minutes: Why a new GitHub leak puts millions of Apple ...

A newly leaked iPhone hacking tool could let attackers easily target devices that haven’t been updated to the latest iOS ...
The Hacker News

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor ...
NDTV Profit

iPhone-Hacking Tool DarkSword Is Now Public, And Anyone Can Misuse It — How To Keep Your ...

Hundreds of millions of users and an estimated 2.5 billion devices are reportedly exposed to potential attacks.
The Financial Express

Somebody publicly posted an iPhone hack kit that puts millions of you at risk

Once a victim is exposed to a malicious link, the exploit gains filesystem access and exfiltrates data to an ...

Someone has publicly leaked an exploit kit that can hack millions of iPhones

Leaked "DarkSword" exploits published to GitHub allow hackers and cybercriminals to target iPhone users running old versions ...
Cyber Daily

Code security platform Trivy compromised by malicious packages

The open-source supply chain hack represents “meaningful industry-wide risk”, according to an industry expert.
GovInfoSecurity

Cryptohack Roundup: AppsFlyer SDK Breach Enabled Theft

This week, the AppsFlyer SDK breach, JPMorgan sued over ties to a Ponzi scheme, the OFAC sanctioned a network tied to North ...

This severe and international iPhone hack is the best reason to update to iOS 26.3 yet

A sophisticated iPhone hacking technique and surveillance campaign ran rampant internationally for months, prior to a patch ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...