Fake Claude Code & OpenClaw AI Tools Delivering Data-Stealing Malware to Developers

Hackers are using fake Claude Code and OpenClaw downloads to spread data-stealing malware like Amatera and AMOS among developers.
The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at runtime.

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a ...
IEEE

Novel Substitution Box Architectural Synthesis for Lightweight Block Ciphers

Abstract: This letter proposes three novel substitution box (S-box) architectures for lightweight block ciphers. The proposed S-box architectures are based on the Boolean decomposition to achieve the ...
WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.