The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
InfoWorld

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...
The Hacker News

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

GitHub facades and Ethereum smart contracts power a March 2026 admin-targeted campaign, enabling resilient C2 rotation and ...
CSO Online

More fake extensions linked to GlassWorm found in Open VSX code marketplace

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has ...

The never-ending supply chain attacks worm into SAP npm packages, other dev tools

Attackers infected all versions with the same credential-stealing malware that, on Wednesday, poisoned multiple npm packages ...

OpenAI to Apple macOS users: Update ChatGPT, Codex and its other apps before May 8 or lose access

OpenAI is mandating macOS users update ChatGPT Desktop and other apps by May 8, 2026, due to a compromised JavaScript library ...
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
Homeland Security Today

Supply Chain Compromise Impacts Axios Node Package Manager , CISA Alert Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the ...
SecurityWeek

UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware

UNC6692 relies on email bombing and social engineering to infect victims with Snow malware: Snowbelt, Snowglaze, and ...
Security Boulevard

A fake Slack download is giving attackers a hidden desktop on your machine

This trojanized Slack installer looks normal, but quietly gives attackers an invisible desktop to access your accounts and data. We take a deep dive into the attack.

Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale

GHENT, Belgium, April 20, 2026 (GLOBE NEWSWIRE) -- Aikido Security today launched Aikido Endpoint, a lightweight security agent that protects developer devices against software supply chain attacks by ...