7/10
StepSecurity discovered ForceMemo, an ongoing campaign compromising hundreds of GitHub accounts via the GlassWorm malware (distributed through malicious VS Code/Cursor extensions) to inject obfuscated, Solana blockchain-based C2 malware into Python repositories. Attackers use stolen GitHub credentials to force-push malicious code while preserving original commit metadata, affecting popular projects like Django and ML research repositories.
supply-chain-attack
github-compromise
account-takeover
force-push
malware-injection
python-packages
credential-theft
glassworm
obfuscation
malicious-commits
pypi-security
solana-blockchain
command-and-control
vs-code-extensions
cursor-extension
git-credentials
threat-intelligence
StepSecurity
ForceMemo
GlassWorm
GitHub
Python
PyPI
Django
Streamlit
Solana
Cursor
VS Code
amirasaran/django-restful-admin
BierOne
wecode-bootcamp-korea
HydroRoll-Team