A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Attackers infected all versions with the same credential-stealing malware that, on Wednesday, poisoned multiple npm packages ...

Several npm packages for SAP's cloud application development ecosystem have been compromised as TeamPCP's supply chain ...

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.

Security researchers report a sharp rise in malicious open-source packages in 2026, with npm registry threats already surpassing 2024 totals. A new benchmark study found that popular detection tools ...

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of ...

Multiple SAP npm packages were compromised in a supply chain attack designed to steal developer credentials and tokens.

A malicious npm dependency slipped into an AI-assisted crypto trading project has exposed how automated coding tools can be manipulated into importing software that steals credentials, wallet data and ...

Malicious code inserted into four SAP-related npm packages exposed developer workstations and automated build systems to credential theft, marking a sharp escalation in attacks against open-source ...