InfoQ

GitHub Targets Large Merge Problem with Stacked PRs

GitHub has launched a native stacked pull request workflow through a new CLI extension called gh-stack, closing a gap that ...
The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.

GitHub rushed to fix a critical vulnerability in less than six hours

GitHub’s engineering team developed a fix and deployed it just over an hour after identifying the root cause, protecting both ...

GitHub fixes RCE flaw that gave access to millions of private repos

In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed ...

Top open source PyPI package with over 1 million downloads each month hacked to send out malware

This was not a case of stolen credentials, but rather of vulnerability exploitation.
SecurityWeek

Dozens of Open VSX Extension Clones Linked to GlassWorm Malware

Over 70 clones of popular extensions published to the Open VSX marketplace in April are likely designed to deliver GlassWorm ...

GitHub will start charging Copilot users based on their actual AI usage

GitHub has announced that it will be shifting to a usage-based billing model for its GitHub Copilot AI service starting on ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
Bleeping Computer

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hundreds of GitHub accounts were accessed using credentials stolen in the VS Code GlassWorm campaign. Threat actors have been abusing credentials stolen in the VS Code GlassWorm campaign to hack ...
Morningstar

Zyphra Releases ZUNA - BCI Foundation Model Advancing Towards Thought-to-Text

New brain-computer interface AI model improves real-world EEG data while advancing Zyphra's mission to develop human-aligned superintelligence SAN FRANCISCO, Feb. 18, 2026 /PRNewswire/ -- Zyphra today ...