The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
FinanceFeeds

Crypto Hackers Steal $17 Billion as Private Key Attacks Surge, DefiLlama Data Shows

Private key compromises are emerging as one of the most costly risks in crypto, with more than $17 billion stolen across 518 ...
The Hacker News

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.
Cryptopolitan on MSN

Ethereum users noticed over 500 wallets were drained in the past 24 hours

Old Ethereum wallets were drained after as much as seven years of no activity, sparking speculations about the safety of ...

Microsoft Confirms Windows Flaw Is Being Exploited After Incomplete Patch

Microsoft confirmed a Windows zero-click flaw tied to an incomplete patch is being exploited, putting credentials at risk for ...

Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack

Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are exploiting a ...

CISA orders feds to patch Windows flaw exploited as zero-day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems ...
TechJuice

SAP npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack

Multiple SAP npm packages were compromised in a supply chain attack designed to steal developer credentials and tokens.
PCMag UK

Got an ISP Warning About Your TP-Link Router? Consider Replacing It

Charter's Spectrum emails customers about Russian hackers exploiting end-of-life TP-Link routers. But there's no great ...
InfoWorld

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...
CSO Online

Stopping AiTM attacks: The defenses that actually work after authentication succeeds

AiTM attacks don't steal passwords; they copy the result of a real login. You need to watch what happens after the user logs ...
Dark Reading

DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'

A compromised developer's repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other ...