GlassWorm Attack: Malware Injected into Python Repositories Using Stolen GitHub Tokens
The advanced threat group GlassWorm has leveraged stolen GitHub access tokens to inject malware into the code repositories of Python projects. The attack is expected to have a widespread impact. The full scope of affected projects and data is still being determined.
GlassWorm Attack: GitHub Tokens Used to Distribute Malware
In a significant development in the cybersecurity landscape, the GlassWorm advanced persistent threat (APT) group has targeted vulnerabilities within the GitHub platform. Attackers successfully injected malware into the code repositories of popular Python libraries by utilizing stolen GitHub access tokens.
Attack Details
The method employed by the GlassWorm group is highly sophisticated. The attackers used compromised GitHub tokens to perform force-push operations directly into the projects, allowing them to make unauthorized changes that would otherwise be difficult to implement. The targeted projects are believed to be widely used within the Python ecosystem, increasing the potential reach of the attack.
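One way to surface the force-push activity described above is to inspect GitHub push webhook payloads, which carry a `forced` flag per ref update. This is an added example, not code from the original article or from any affected project; the sample payloads are constructed, and the repository names, pusher names and severity labels are assumptions.

```python
# Added example: flag forced pushes in GitHub "push" webhook payloads.
# Fields used (ref, forced, before, after, pusher, repository) are part of
# GitHub's push event; the severity labels are this example's own choice.

SAMPLE_EVENTS = [  # constructed payloads, trimmed to the fields used below
    {"ref": "refs/heads/main", "forced": False, "before": "a" * 40, "after": "b" * 40,
     "pusher": {"name": "alice"},
     "repository": {"full_name": "example-org/libfoo", "default_branch": "main"}},
    {"ref": "refs/heads/main", "forced": True, "before": "b" * 40, "after": "c" * 40,
     "pusher": {"name": "ci-bot"},
     "repository": {"full_name": "example-org/libfoo", "default_branch": "main"}},
    {"ref": "refs/tags/v1.2.0", "forced": True, "before": "d" * 40, "after": "e" * 40,
     "pusher": {"name": "ci-bot"},
     "repository": {"full_name": "example-org/libfoo", "default_branch": "main"}},
    {"ref": "refs/heads/feature/wip", "forced": True, "before": "f" * 40, "after": "1" * 40,
     "pusher": {"name": "bob"},
     "repository": {"full_name": "example-org/libfoo", "default_branch": "main"}},
]


def classify_push(event):
    """Return (severity, reason) for a history rewrite, or None for a normal push."""
    if not event.get("forced"):
        return None  # fast-forward, branch creation or deletion
    ref = event["ref"]
    default_ref = "refs/heads/" + event["repository"]["default_branch"]
    if ref == default_ref:
        return ("high", "default branch history rewritten")
    if ref.startswith("refs/tags/"):
        return ("high", "existing tag moved to a different commit")
    return ("low", "non-default branch rewritten")


def find_history_rewrites(events):
    """Collect one finding per forced push, keeping old/new SHAs for review."""
    findings = []
    for ev in events:
        verdict = classify_push(ev)
        if verdict:
            findings.append({
                "repo": ev["repository"]["full_name"], "ref": ev["ref"],
                "pusher": ev["pusher"]["name"], "severity": verdict[0],
                "reason": verdict[1], "before": ev["before"], "after": ev["after"],
            })
    return findings


if __name__ == "__main__":
    for f in find_history_rewrites(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['repo']} {f['ref']} by {f['pusher']}: {f['reason']}")
```

The `before` SHA in each finding is the commit the ref pointed to prior to the rewrite, which is what a reviewer needs to diff against or restore.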
Affected Parties and Data
At present, the exact number of affected projects and developers remains unclear. However, given the popularity of the libraries, this incident could put numerous end-users and companies at risk. While details on the specific types of data exfiltrated are scarce, the injection of malware into code repositories suggests a potential for the malicious code to spread further through the software supply chain.
Preventive Measures and Recommendations
Cybersecurity experts are urging developers and organizations to take the following precautions:
- GitHub Account Security: Ensure Two-Factor Authentication (2FA) is enabled and use strong, unique passwords.
- Token Management: Store GitHub tokens securely and avoid unnecessary sharing.
- Code Review: Implement rigorous code review processes for all changes.
- Dependency Scanning: Regularly scan third-party libraries for malicious code.
This attack underscores the critical importance of software supply chain security. Developers and security teams must remain vigilant and adopt the latest security best practices.
Source
https://thehackernews.com/2026/03/glassworm-attack-uses-stolen-github.html