my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog / #glassworm

GlassWorm Is Hiding Malware in Invisible Code and Pushing It Into Your Python Repos

John Z Black Mar 17, 2026

Supply Chain & Software Security #supply-chain #glassworm #github #python #malware #unicode #developer-security

GlassWorm steals GitHub tokens, then injects malicious code written in invisible Unicode characters into repos developers already trust. 151 packages hit in one week.

Read More