CSO Online

GitHub phishers use fake OpenClaw tokens to drain crypto wallets

Attackers exploit OpenClaw hype with fake “CLAW” airdrops, luring developers from GitHub into wallet-draining phishing sites.
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
Las Vegas Sun

Vigil: The First Open-Source AI SOC Built with a LLM-native Architecture

Security teams are trapped between proprietary AI SOC vendors that obscure model intelligence and open-source tools that haven’t kept up with agentic architectures. A new open-source project, Vigil, ...
XDA Developers on MSN

I rebuilt my Windows install around Winget and dotfiles, and it feels like Linux (in a good way)

Install your apps and config the way Linux users do.
SecurityWeek

In Other News: New Android Safeguards, Operation Alice, UK Toughens Cyber Reporting

Other noteworthy stories that might have slipped under the radar: vulnerabilities found in KVM devices, Claudy Day Claude vulnerabilities, The Gentlemen ransomware group. SecurityWeek’s weekly ...
Cybernews

AI developers lured by fake crypto prize as phishers weaponize GitHub

While the creator of the AI agent platform OpenClaw banned the mention of bitcoin (BTC) and other crypto assets on its Discord channel, crypto scammers are now targeting developers on GitHub, aiming ...
CoinDesk

OpenClaw developers targeted in GitHub phishing scam offering fake token airdrops

Attackers impersonate OpenClaw on GitHub, luring developers with bogus CLAW giveaways that trick users into connecting crypto ...

Why Garry Tan’s Claude Code setup has gotten so much love, and hate

Thousands of people are trying Garry Tan's Claude Code setup, which was shared on GitHub. And everyone has an opinion: even ...

This open-source app turns Microsoft's GitHub into an app store for your Android phone — and your Windows PC, too

GitHub has a ton of amazing projects within, and this app helps you find interesting ones you might want to use on your ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...