7/10
StepSecurity discovered ForceMemo, an ongoing campaign compromising hundreds of GitHub accounts via the GlassWorm malware (distributed through malicious VS Code/Cursor extensions) to inject obfuscated, Solana blockchain-based C2 malware into Python repositories. Attackers use stolen GitHub credentials to force-push malicious code while preserving original commit metadata, affecting popular projects like Django and ML research repositories.
supply-chain-attack
github-compromise
account-takeover
force-push
malware-injection
python-packages
credential-theft
glassworm
obfuscation
malicious-commits
pypi-security
solana-blockchain
command-and-control
vs-code-extensions
cursor-extension
git-credentials
threat-intelligence
StepSecurity
ForceMemo
GlassWorm
GitHub
Python
PyPI
Django
Streamlit
Solana
Cursor
VS Code
amirasaran/django-restful-admin
BierOne
wecode-bootcamp-korea
HydroRoll-Team