Official SAP npm packages compromised to steal credentials

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
Dark Reading

UNC6692 Combines Social Engineering, Malware, Cloud Abuse

A newly discovered threat actor is using Microsoft Teams, AWS S3 buckets, and custom "Snow" malware in a multipronged ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
Runner's World

What to do after you've run a marathon in order to recover faster

Congratulations! Now that you’ve done all the hard work, including the months of training, and completed a marathon, it’s time to give yourself a little TLC. It's also an important part of the ...
Morning Overview on MSN

PyTorch Lightning versions 2.6.2 and 2.6.3 were compromised on April 30 — check your installs

On April 30, 2026, someone slipped credential-stealing malware into two freshly published versions of PyTorch Lightning, one ...