The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
MIT Technology Review

The Download: a new Christian phone network, and debugging LLMs

A new US-wide cell phone network marketed to Christians is set to launch next week. It blocks porn using network-level ...

What Happens in the First 24 Hours After a New Asset Goes Live

When a new asset goes live, attackers start scanning within minutes. Sprocket Security shows how automated attacks move from ...
The Hacker News

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.
InfoWorld

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...