GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
The Hacker News

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.

Google: Cloud attacks exploit flaws more than weak credentials

Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days.
GitHub

Sitecore Cloud SDK

The open-source Sitecore Cloud SDK lets JavaScript/TypeScript developers integrate capabilities from Sitecore CDP, Sitecore Personalize, and Sitecore Search into Content SDK and JSS applications ...
CSOonline

From credentials to cloud admin in 8 minutes: AI supercharges AWS attack chain

AI-assisted attackers weaponized exposed credentials and permissive roles to move from initial access to full AWS admin control in minutes. Threat actors tore through an Amazon Web Services ...
Dark Reading

8-Minute Access: AI Accelerates Breach of AWS Environment

Attackers used a combination of found credentials and artificial intelligence (AI) to gain administrative access to an Amazon Web Services (AWS) environment in less than 10 minutes. The incident ...
GitHub

Steamworks FFI - Steamworks SDK Integration for Node.js applications

A TypeScript/JavaScript wrapper for the Steamworks SDK using Koffi FFI, designed for Node.js and Electron applications with Steamworks SDK v1.63 integration.