Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...

One tool call to rule them all? New open source Python tool Runpod Flash eliminates containers for faster AI dev

With Flash GA, the company is attempting to transition from being a provider of raw compute to becoming the essential ...
Morning Overview on MSN

PyTorch Lightning versions 2.6.2 and 2.6.3 were compromised on April 30 — check your installs

On April 30, 2026, someone slipped credential-stealing malware into two freshly published versions of PyTorch Lightning, one ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Zed team releases version 1.0 of Rust-built editor: Traditional editor and AI tool

Team wins praise for adding 'disable all AI features' setting for devs who want a code editor to be only a code editor ...
WeLiveSecurity

A rigged game: ScarCruft compromises gaming platform in a supply-chain attack

ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via ...

Air Jordan 3 Animal Instinct 2.0 — Wild Build, Bold Look: Where to Buy

The Air Jordan 3 "Animal Instinct 2.0" swapped mammal prints for croc, snakeskin, and ostrich textures. A statement pair that ...
SecurityWeek

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Over 1,800 developers were affected by the Mini Shai-Hulud supply chain attack that hit the PyPi, NPM, and PHP ecosystems ...
CNX Software

Ubuntu 26.04 LTS “Resolute Raccoon” released with Linux 7.0

Canonical has just announced the release of Ubuntu 26.04 LTS “Resolute Raccoon” Linux distribution about two years after ...

Your Ubuntu 16.04 systems are now sitting ducks unless you pay up or move out

Running a decade-old OS is a ticking time bomb for your data security. With standard ESM over, you're forced to choose ...
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
Microsoft

CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments

A high-severity Linux vulnerability, “Copy Fail” (CVE-2026-31431), enables root privilege escalation across cloud ...