7/10
StepSecurity discovered ForceMemo, an ongoing campaign compromising hundreds of GitHub accounts via the GlassWorm malware (distributed through malicious VS Code/Cursor extensions) to inject obfuscated, Solana blockchain-based C2 malware into Python repositories. Attackers use stolen GitHub credentials to force-push malicious code while preserving original commit metadata, affecting popular projects like Django and ML research repositories.
supply-chain-attack
github-compromise
account-takeover
force-push
malware-injection
python-packages
credential-theft
glassworm
obfuscation
malicious-commits
pypi-security
solana-blockchain
command-and-control
vs-code-extensions
cursor-extension
git-credentials
threat-intelligence
StepSecurity
ForceMemo
GlassWorm
GitHub
Python
PyPI
Django
Streamlit
Solana
Cursor
VS Code
amirasaran/django-restful-admin
BierOne
wecode-bootcamp-korea
HydroRoll-Team