PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
Ravie LakshmananApr 30, 2026Supply Chain Attack / Malware In yet another software supply chain attack, threat actors have managed to...
2026Supply
SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
Ravie LakshmananApr 29, 2026Supply Chain Attack / Malware Cybersecurity researchers are sounding the alarm about a new supply chain attack...
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT
Ravie LakshmananMar 02, 2026Supply Chain Attack / Malware Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview...
npm’s Update to Harden Their Supply Chain, and Points to Consider
The Hacker NewsFeb 13, 2026Supply Chain Security / DevSecOps In December 2025, in response to the Sha1-Hulud incident, npm completed...
Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions
Ravie LakshmananFeb 04, 2026Supply Chain Security / Secure Coding The Eclipse Foundation, which maintains the Open VSX Registry, has announced...
Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan
Ravie LakshmananJan 28, 2026Supply Chain Security / Malware Cybersecurity researchers have discovered two malicious packages in the Python Package Index...
