Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

New ‘Perseus’ Android malware checks user notes for secrets

A new Android malware called Perseus is checking user-curated notes to steal sensitive information, like passwords, recovery ...

He Built the Definitive Epstein Database—and It Consumed His Life

The data engineer started as a casual reader of the Jeffrey Epstein files. Then he became obsessed, and built the most ...
Nieman Journalism Lab

“We’re not going to do a chatbot anytime soon”: Notes on RISJ’s AI and the Future of News symposium

The Oxford conference tacked topics like live fact-checking, AI-powered tag pages, and computer vision–based investigations.
WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...