Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
来自MSN

'Unbelievable': US involvement in Iran has been 'obfuscated' by the media

Filmmaker Ami Horowitz details how US involvement in Iran has been obfuscated by the media. “It’s unbelievable to me that they could continue … to say the same talking points, written by the way ...

The never-ending supply chain attacks worm into SAP npm packages, other dev tools

The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Intercom ...
Dark Reading

TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack

Several npm packages for SAP's cloud application development ecosystem have been compromised as TeamPCP's supply chain ...

GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions

A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious ...
Digital Trends

Do not fall for this fake Windows update support site. It’s spreading a password-stealing ...

If a website tells you to manually install a “Windows update” from a big blue download button, close that tab immediately. Malwarebytes has just spotted a fake Microsoft support website ...
The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
Cryptopolitan on MSN

Malicious SAP npm packages target crypto wallet data

Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...