Links
Bitdefender Labs found that 17% of the OpenClaw AI skills examined in February 2026 are malicious. These skills, masquerading as useful tools, are used to steal crypto keys and install malware on macOS, with one user linked to 199 harmful scripts.
Malcontent is a tool designed to detect supply-chain malware using context analysis and differential methods. It supports various file formats and programming languages and primarily analyzes Linux programs, though it also works with macOS and Windows. It features three modes (analyze, diff, and scan) that allow in-depth examination of program capabilities and risks.
GlassWorm malware has reappeared in Visual Studio Code extensions just weeks after being declared eradicated. The worm uses invisible Unicode characters to hide its code and is now also infecting GitHub repositories, posing risks to developers and critical infrastructure worldwide.
Sketchy is a cross-platform security scanner designed to identify potential risks in GitHub repositories, packages, or scripts before installation. It highlights various security concerns, including code execution patterns and credential theft, helping users avoid malicious software. The tool is open-source and encourages users to audit its code and report any malware findings.
Nimhawk is an actively developed command and control (C2) framework that builds on the NimPlant project, offering enhanced modularity, security, and a user-friendly web interface for managing implants. Currently, it supports Windows x64 platforms, with plans for a Linux agent in the future. The project encourages community contributions and provides detailed documentation for developers.
Researchers have discovered a new data-stealing malware called "Banana Squad" that is being distributed through GitHub repositories. This malware targets sensitive user information and is linked to various malicious activities, raising concerns about the safety of open-source software hosting platforms. Users are advised to be vigilant and avoid downloading suspicious repositories to protect their data.