At least 32 Red Hat npm packages were infected with a credential stealer that simultaneously manipulated GitHub workflows to publish additional packages with forged SLSA attestations and expand supply chain access.
Project Glasswing is a global initiative to strengthen software security through systematic identification and remediation of vulnerabilities in critical systems worldwide.
Project Glasswing discovered over 10,000 critical security vulnerabilities in critical software in one month, and the bottleneck has shifted from detecting vulnerabilities to verifying and remediating them.