Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

Couch to 5K app reaches 10 years with 8m downloads

The NHS Couch to 5k app is celebrating its 10-year anniversary having reached more than 8 million downloads.
The Caledonian-Record

Fluent, Inc. to Announce 2026 First Quarter Financial Results and Host Earnings Conference Call ...

Fluent, Inc. (NASDAQ: FLNT) today announced that it will report its financial results for the quarter ended March 31, 2026, after the ...

The never-ending supply chain attacks worm into SAP npm packages, other dev tools

The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Intercom ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
Cryptopolitan on MSN

Malicious SAP npm packages target crypto wallet data

Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...

You Might Have Fallen For This CAPTCHA Scam Without Realizing — Here's What To Do Now

Security experts reveal how easy it is to get fooled by this scam and what to do if you think you've been targeted.
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

Constructive Open Sources Agentic DB, the Postgres Memory Layer for AI Agents

Constructive, the company behind open-source Postgres and JavaScript infrastructure with over 100 million open-source ...

Do not fall for this fake Windows update support site. It’s spreading a password-stealing malware

Malwarebytes warns that a fake Microsoft support site is distributing password-stealing malware through a spoofed Windows update installerThe Latest Tech News, Delivered to Your Inbox ...