A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of ...

On April 30, 2026, someone slipped credential-stealing malware into two freshly published versions of PyTorch Lightning, one ...

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

DEEP#DOOR embeds a Python RAT in a dropper script, using bore[.]pub C2 to steal credentials and evade Windows defenses, ...

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

A comprehensive tool for automating AWS IAM security reviews. This project provides security professionals and GRC teams with automated access auditing capabilities to enhance cloud security posture ...

The weekend series against the Los Angeles Dodgers was never going to be easy for the Washington Nationals, but it was going to give them a good sense of how they stack up against the premier ...

Cisco source code including AI codebases were exposed in a more modern type of cybersecurity breach against the network vendor. According to Bleeding Computer, Cisco’s development environment was ...

TeamPCP is weaponizing the fruits of its extensive supply chain attacks, using stolen credentials to access cloud and software-as-a-service (SaaS) environments. The threat group this month compromised ...

A large-scale cybersecurity study has revealed a serious global web security issue involving exposed API credentials tied to major platforms, including Amazon Web Services, Stripe, and OpenAI. After ...

Hundreds of GitHub accounts were accessed using credentials stolen in the VS Code GlassWorm campaign. Threat actors have been abusing credentials stolen in the VS Code GlassWorm campaign to hack ...