Loading...
Loading...
A wave of GitHub-related controversies is sharpening focus on how developer data and code can be exploited at scale. Security researchers report a renewed “Glassworm” supply-chain campaign that hid malicious JavaScript payloads in invisible Unicode characters across more than 150 GitHub repos, with spillover into npm and VS Code marketplaces—evading reviews and many scanners. Separately, social-engineering tactics abused GitHub issues to trick developers into installing malicious packages, compromising thousands of machines. Meanwhile, Hacker News users accuse some YC startups of scraping GitHub activity to send unsolicited marketing emails, raising GDPR and consent concerns. Together, the incidents spotlight mounting risks in open-source ecosystems and developer identity privacy.
Security News / Research Trivy Supply Chain Attack Expands to Compromised Docker Images Newly published Trivy Docker images (0.69.4, 0.69.5, and 0.69.6) were found to contain infostealer IOCs and were pushed to Docker Hub without corresponding GitHub releases. By Philipp Burckhardt - Mar 22, 2026
A threat actor reused compromised credentials to publish malicious Trivy Docker images (v0.69.5 and v0.69.6) to Docker Hub, with incidents on March 19 and again on March 22, 2026, indicating the attacker maintained persistence through credential rotations. The compromise affects the Trivy ecosystem and GitHub Actions tags, potentially exposing secrets and supply-chain integrity for projects using those images. Aqua Security (Trivy) has published advisories and the community is discussing the broader implications for security tooling trust and cloud/CI access practices. This incident underscores risks of compromised build artifacts in CI/CD pipelines and the need for stricter credential management, image provenance, and rotation controls.
The Trivy ecosystem’s supply chain was briefly compromised, with attackers using malicious commits and packages to push spam and self-propagating payloads across repositories and npm packages. The incident affected multiple GitHub accounts and reportedly spread a CanisterWorm-style backdoor across dozens of npm packages, prompting community discussion and investigations on Hacker News and related threads. Key players include the Trivy/Aqua Security ecosystem, affected GitHub users, and maintainers of impacted npm packages. This matters because supply-chain compromises can covertly distribute malware to downstream users and CI/CD pipelines, highlighting risks in package trust, repository account security, and the need for tighter vetting, dependency hygiene, and incident response across open-source supply chains.
Security researchers report a renewed mass campaign by the Glassworm threat actor using invisible Unicode characters to hide malicious payloads across hundreds of open-source projects. The technique embeds non-printing Unicode in seemingly empty strings; a lightweight decoder recovers bytes that are passed to eval(), enabling second-stage fetch-and-execute behavior previously used to steal credentials and crypto. Between March 3–9, 2026, at least 151 GitHub repositories showed the decoder pattern (with deletions likely undercounting), and the campaign has expanded into npm packages and VS Code extensions including named packages like @aifabrix/miso-client and a VS Code markdown editor. Notable targets include repos for Wasmer, Reworm, and anomalyco’s OpenCode/SST. This multi-ecosystem push renews supply-chain risks and underscores gaps in code-review and tooling that miss invisible characters.
Researchers at Aikido Security uncovered a supply-chain campaign that uploaded 151 malicious packages to GitHub and other registries (including npm and Open VSX) in early March, using invisible Unicode “Public Use” characters to hide payloads. The visible package contents look legitimate—documentation tweaks, version bumps and small refactors—while critical malicious functions are encoded in Unicode code points that render invisible in editors and many scanners but decode to executable bytes at runtime via small decoders and eval(). Aikido and fellow firm Koi suspect the attacker group “Glassworm” is using LLMs to scale creation of convincing, bespoke packages. The technique defeats manual review and many static defenses, underscoring risks for developer supply chains and the need for tooling that detects hidden Unicode payloads.
Security firm Aikido reports a renewed “Glassworm” campaign using invisible Unicode characters to hide malicious JavaScript payloads in open-source ecosystems. In a Mar 13, 2026 blog, Aikido says the actor is again compromising GitHub repositories and has expanded activity to npm and the VS Code marketplace. The technique embeds payload bytes inside strings that render as empty in editors and code review tools; a decoder reconstructs the bytes at runtime and passes them to eval(). Aikido’s GitHub code search found at least 151 repositories matching the decoder pattern, with compromises occurring between Mar 3–9, 2026, and notes the true scope may be larger due to deleted repos. Named affected projects include repositories from Wasmer, pedronauck/reworm, and anomalyco’s opencode-bench. Aikido also lists newly tainted npm packages and a VS Code extension published Mar 12, 2026.
Aikido Security researchers reported a supply-chain campaign that uploaded 151 malicious packages to GitHub between March 3 and March 9, using “invisible” Unicode characters to hide executable code from reviewers and many tools. The packages mimic legitimate libraries, but their malicious functions and payloads are encoded in Unicode Private Use Area characters that render as blank space in most editors and code review interfaces while still executing in JavaScript. Aikido said the technique undermines manual review and traditional defenses, and noted the visible code is high quality, with realistic commits such as documentation tweaks and version bumps. The firm attributes the activity to a group it calls Glassworm and, along with security company Koi, suspects LLMs are being used to generate the convincing packages. Other affected ecosystems include NPM and Open VSX.
Security researchers warn that Glassworm — a threat actor using invisible Unicode characters to hide payloads in source code — has launched a new, large-scale campaign in March 2026. The technique embeds private-use-area (PUA) Unicode in seemingly empty strings; a lightweight decoder reconstructs bytes at runtime and passes them to eval(), enabling second-stage fetch-and-execute behavior that previously used Solana as a delivery channel to steal tokens and secrets. At least 151 GitHub repositories matched the decoder pattern (many already deleted), and the actor has also pushed malicious packages to npm and a VS Code extension, including named packages and repos from Wasmer, Reworm, and OpenCode-related projects. This multi-ecosystem supply-chain push underscores persistent gaps in code review, package vetting, and developer tooling that leave ecosystems vulnerable to stealthy obfuscated attacks.
The article describes a series of npm supply-chain attacks in 2025 that allegedly turned routine `npm install` runs into credential theft. It cites three campaigns: on Sept. 8, 2025, attackers reportedly social-engineered maintainers and shipped malicious updates to 18 popular packages including Chalk and Debug, aiming to intercept cryptocurrency activity; on Sept. 14, 2025, a “Shai-Hulud” worm allegedly stole developer secrets and, if it gained GitHub access, created a public “Shai-Hulud” repo containing exfiltrated tokens and propagated by poisoning other npm packages; and in Nov. 2025, “Shai-Hulud 2.0” purportedly affected tens of thousands of GitHub repos, including 25,000 malicious repos across ~350 users, with a destructive fallback that could target a user’s home directory. The piece highlights npm lifecycle scripts (e.g., preinstall) as the execution vector.
A malicious GitHub issue title encouraged developers to run npm install pointing at github:cline/cline#b181e0, which resolved to a fork containing a malicious postinstall script; when followed, it compromised roughly 4,000 developer machines. Reported on Hacker News, the incident highlights supply-chain risk where social engineering via issue text triggered execution of attacker-controlled code through package installation. Key players include GitHub, npm/package ecosystems, the forked cline repository, and affected developers. The episode matters because it shows how developer workflows that execute commands from issue trackers or chat can become attack vectors, underscoring the need for stricter package provenance checks, repository hygiene, and caution around copy-pasting commands from public discussions.
An open source maintainer behind npmx.dev published a guide on making a first contribution to open source, using GitHub-based examples. The author says they “accidentally” became a maintainer of npmx.dev, a project aiming to offer a new way to browse the npm package registry, and notes the project recently announced an alpha release. Drawing on prior contributions to projects including Astro documentation and Google Lighthouse, the guide argues that open source is primarily about community, not just code, and that newcomers can contribute in many ways beyond programming. It defines common terms such as issues, pull requests, maintainers, and contributors, then advises readers to start by choosing a project they care about and reviewing its community guidelines or code of conduct before engaging.
npm’s Data Protection Officer (npm, a GitHub subsidiary under Microsoft) issued a Data Subject Access Request response dated 26 February 2026 (Ref: DSAR-2026-0041573), noting the 30-day GDPR deadline was exceeded after an identity check took 47 days and looped with GitHub SSO. The letter lists personal data categories including identity details, 487 IP addresses, full publishing history for the “buttplug” package (147 versions), and logs of every npm install and audit activity. It also claims collection of local “node_modules inventory” data (412 pages) such as dependency trees and content hashes. Recipients named include GitHub, Dependabot, Microsoft, Cloudflare, the public npm registry, and archival/third-party systems, citing 14 installs of an accidentally published .env file and ~900 weekly CI installs.
A recent discussion on Hacker News highlights concerns over certain Y Combinator (YC) companies, such as Run Anywhere and Voice.AI, scraping GitHub activity to send unsolicited marketing emails to users. The practice raises ethical questions, particularly regarding compliance with GDPR regulations, as users have not consented to receive these communications. The issue has prompted complaints to both GitHub and YC Ethics, with users sharing their experiences of receiving similar spam emails. This situation underscores ongoing challenges in the tech industry related to data privacy and the ethical use of user information.
A user reported receiving unsolicited marketing emails from two companies, Run Anywhere and Voice.AI, which allegedly scrape GitHub activity to target users based on their contributions. The emails raise concerns about privacy violations, particularly under GDPR regulations, as the companies appear to send these messages without user consent. The user has filed complaints with both companies and reached out to GitHub and Y Combinator's ethics committee for further action. This incident highlights ongoing issues regarding data scraping practices and user consent in the tech industry.