Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
Security researchers report a sharp rise in malicious open-source packages in 2026, with npm registry threats already surpassing 2024 totals. A new benchmark study found that popular detection tools ...
Morning Overview on MSN
Malicious open-source packages surge 73% in 2026 as threat actors weaponize the software supply chain
In the first five months of 2026, security researchers have flagged more malicious packages on the npm registry than in all ...
A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...
Critical cPanel flaw under attack, Copy Fail Linux privilege escalation, TeamPCP supply chain campaign, GitHub RCE & major ...
Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...
Trellix says a part of its source code repository was recently breached, but shared little other information about the ...
Such an extraordinary leap that, due to cybersecurity concerns, Anthropic will only use Mythos “as part of a defensive ...
Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...
A widely used open-source tool stole passwords and API keys from over 1 million users. Here's what Ghanaian developers need ...