{"id":11390,"date":"2026-03-17T07:03:34","date_gmt":"2026-03-17T07:03:34","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/03\/17\/glassworm-attack-uses-stolen-github-html\/"},"modified":"2026-03-17T07:03:34","modified_gmt":"2026-03-17T07:03:34","slug":"glassworm-attack-uses-stolen-github-html","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/03\/17\/glassworm-attack-uses-stolen-github-html\/","title":{"rendered":"GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos"},"content":{"rendered":"<p>GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos<\/p>\n<div>The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages stolen GitHub tokens to inject malware into hundreds of Python repositories.<br \/>\n&#8220;The attack targets Python projects \u2014 including Django apps, ML research code, Streamlit dashboards, and PyPI packages \u2014 by appending obfuscated code to files like setup.py, main.py, and app.py,&#8221; StepSecurity said. &#8220;Anyone who runs<\/div>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/glassworm-attack-uses-stolen-github.html\">Go to TheHackersNews<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages stolen GitHub tokens to inject malware into hundreds of Python repositories. 
&#8220;The attack targets Python projects \u2014 including Django apps, ML research code, Streamlit dashboards, and PyPI packages [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[60],"tags":[76],"class_list":["post-11390","post","type-post","status-publish","format-standard","hentry","category-thehackersnews","tag-thehackersnews"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/11390"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=11390"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/11390\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=11390"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=11390"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=11390"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}