SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.

The Age of Eerie A.I. Political Ads Is Here

The A.I. era of campaign advertising seems to be upon us — and it’s a pretty fast-moving and complex situation. Fortunately, ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
The Poynter Institute for Media Studies

Fake images from the Iran war are spreading online. Here’s how to spot them

Old videos, AI-generated imagery and misleading captions are circulating widely on social media as the conflict unfolds ...

Fake enterprise VPN sites used to steal company credentials

A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal ...
Microsoft

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...
PolitiFact

Social media feeds are awash with Iran war misinformation. Here’s how to identify false imagery

Tal Hagin, an open-source intelligence analyst based in Israel, compiles misinformation and shares his findings on X daily. He said he’s seen people recycling footage of Iranian missile strikes in ...
The Hacker News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.