The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
Bleeping Computer

GitHub enables push protection by default to stop secrets leak

GitHub has enabled push protection by default for all public repositories to prevent accidental exposure of secrets such as access tokens and API keys when pushing new code. Today's announcement comes ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
InfoQ

How GitHub Improved Code Push Processing Reliability

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Ludi Akue discusses how the tech sector’s ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python ...
heise online

New security features for GitHub to protect secrets

According to GitHub, it blocks several secrets such as passwords or API keys that are secured with push protection every minute. Nevertheless, secret leaks remain one of the most common causes of ...
TheServerSide

Do a git reset and push to undo previous local git commits example

Community driven content discussing all aspects of software development from DevOps to design patterns. I published an article recently on how to perform a hard git reset, but one of the questions ...
InfoWorld

GitHub rolls out push protection on public repos

With push protection, GitHub’s secret scanning blocks users from pushing secrets to a repository, while giving them the option to bypass the block. GitHub has begun rolling out push protection for all ...