Dark Reading

GlassWorm Malware Evolves to Hide in Dependencies

The infamous GlassWorm malware has infected dozens more Open VSX software packages, according to new research.
The Hacker News

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.
GameSpot

Marathon South Maintenance Terminal Location: Where To Download Data

Marathon has plenty of contracts for you to tackle, and one of them will task you with finding where to download data from ...

AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.
InfoQ

Webpack Publishes 2026 Roadmap with Native CSS Support, Universal Target, and Path to Version 6

Webpack's 2026 roadmap, led by Even Stensberg, unveils substantial enhancements aimed at modernizing the bundler. Key ...
The Hacker News

ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers

ClickFix campaigns spread MacSync macOS infostealer via malicious Terminal commands since Nov 2025, targeting AI tool users ...
MIT Technology Review

The Download: AI’s role in the Iran war, and an escalating legal fight

Much of the spotlight on AI in the Iran conflict has focused on models like Claude helping the US military decide where to strike. But a wave of “vibe-coded” intelligence dashboards—and the ecosystem ...
InfoQ

Cloudflare Releases Experimental Next.js Alternative Built with AI Assistance

Cloudflare released vinext, an experimental Next.js reimplementation built on Vite by one engineer, with AI guidance over one ...

Starmer was warned of 'reputational risk' over Mandelson's links with Epstein, files show

Newly released documents on Mandelson's appointment as US ambassador also say he asked for £547,000 when sacked - he received ...

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
Construction Business Owner

Job Order Contracting for Contractors: What It Means for Your Business

Contractors are a vital part of any successful Gordian Job Order Contracting (JOC) program. They are instrumental in helping ...