All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

CrowdStrike, Google, and Shadowserver dismantle Glassworm botnet targeting open-source developers

By

Lorenzo Franceschi-Bicchierai

4d ago· 3 min readenNews
Bagel score 85 of 100
85/100
Golden Brown
Bagelometer

If you only eat one bagel today, this is the bagel.

Score85TypenewsSentimentpositive

Summary

CrowdStrike, in collaboration with Google and the nonprofit Shadowserver, has taken down the Glassworm botnet — a cybercriminal operation that targeted open-source software developers for two years. The botnet was used to push malware and steal passwords by infecting open-source projects, aiming to compromise the broader software supply chain and the developers and companies using that software.

Key quotes

· 3 pulled
The takedown operation had the goal of disrupting the activities of the cybercriminals behind the so-called Glassworm botnet, who have been targeting the broader open source software supply chain for two years, according to CrowdStrike.
CrowdStrike, working with Google and Shadowserver, a nonprofit organization that scans and monitors the internet for cyberattacks, took down a botnet that cybercriminals used to push malware and steal passwords from open-source software developers.
In recent months, several hacking groups have targeted developers and open source projects to push malware
Snippet from the RSS feed
Cybercriminals used the Glassworm botnet to infect open source software projects with malware, and in turn hack the developers and companies that use that software.

You might also wanna read

Glassworm Threat Actor Returns with Unicode-Based Supply Chain Attacks on GitHub, npm, and VS Code

The Glassworm threat actor has returned with a new wave of supply chain attacks using invisible Unicode characters to compromise software re

aikido.dev·2mo ago

GlassWorm: First Self-Propagating Worm Targets VS Code Extensions with Invisible Code

Researchers have discovered GlassWorm, the world's first self-propagating worm targeting VS Code extensions on the OpenVSX marketplace. This

koi.ai·7mo ago

Major Tech Companies Launch Project Glasswing to Secure Critical Software Against AI Cybersecurity Threats

Project Glasswing is a new cybersecurity initiative announced by Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google

anthropic.com·1mo ago

Project Glasswing: AI-assisted vulnerability detection finds over 10,000 critical software flaws

Project Glasswing is a collaborative effort launched to secure critical software against potential threats from increasingly capable AI mode

anthropic.com·47m ago

ClawdBot Open-Source Malware Framework Targets Cryptocurrency Platforms and Social Media

The article discusses ClawdBot, an open-source malware framework that uses malicious skills to target cryptocurrency platforms and social me

opensourcemalware.com·4mo ago

Klarrio Uncovers Large-Scale Malware Network on GitHub

Klarrio discovered a large-scale malware network on GitHub through the research of their CTO, Bruno De Bus, exposing attempts to install mal

klarrio.com·11mo ago