The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
The Security Ledger

How Claude Planted Malicious Code In A Crypto-Trading App

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...

News site linked to OpenAI super PAC sent bots posing as journalists to interview real people — site has published nearly 100 articles with real quotes gathered by fake w…

The site has published 94 articles since late December using a fully automated pipeline that drafts stories, reviews them, ...
Tom's Hardware on MSN

News site linked to OpenAI super PAC sent bots posing as journalists to interview real people

The site has published 94 articles since late December using a fully automated pipeline that drafts stories, reviews them, ...
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

This High School Student Is Teaching Kids Across the Globe How to Code

Last May, Jacob Shaul logged onto his computer and began remotely teaching more than 170 students in Bolivia the basics of ...

Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale

GHENT, Belgium, April 20, 2026 (GLOBE NEWSWIRE) -- Aikido Security today launched Aikido Endpoint, a lightweight security agent that protects developer devices against software supply chain attacks by ...
Search Engine Land

No-JavaScript fallbacks in 2026: Less critical, still necessary

Google can render JavaScript. That’s no longer up for debate. But that doesn’t mean it always does — or that it does so instantly or perfectly. Since Google’s 2024 comments suggesting it renders all ...

Sonatype Releases Q1 2026 Open Source Malware Index: Trust Abuse Most Successful Attack Vector

Backed by Sonatype's industry-leading security research team, Sonatype Repository Firewall helped customers prevent 136,107 open source malware attacks in Q1. To explore the full findings from the Q1 ...

I finally quit Chrome for an open source browser, and I'm not looking back

I finally quit using Google Chrome as my default web browser in favor of an open source alternative, and I’m not looking back ...