Hardware·Americas
Aikido Security Discovers 151 Compromised GitHub Repos
Key Points
- 1151 GitHub repositories compromised by Glassworm actor
- 2Malicious payloads hidden in invisible Unicode characters
- 3Increases risks of dependency on unverified code sources
- 4151 GitHub repositories compromised by Glassworm actor • Malicious payloads hidden in invisible Unicode characters • Increases risks of dependency on unverified code sources
Aikido Security reported the compromise of at least 151 GitHub repositories by a threat actor known as Glassworm. This campaign utilized a sophisticated technique that embeds malicious payloads within invisible Unicode characters, which are not detectable in code review. The affected repositories, compromised between March 3 and March 9, have since extended to npm and the VS Code marketplace. Aikido notes that the number of affected repositories likely exceeds the identified cases, as some had been deleted prior to the discovery.
Free Daily Briefing
Top AI intelligence stories delivered each morning.
Related Articles
Community Opposition Halts $64B in Data Center Projects
Hardware3 May
Alibaba Releases Qwen3.6-27B for Local AI Coding
Hardware2 May
Data Centers Embrace AI Chips for Enhanced Performance
Hardware2 May
Lenovo Launches Powerful AI Workstation ThinkPad P16 Gen 3
Hardware1 May
OCP Members Advocate for DC Power in Data Centers
Hardware1 May