Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Couch to 5K app reaches 10 years with 8m downloads

The NHS Couch to 5k app is celebrating its 10-year anniversary having reached more than 8 million downloads.

Apple Releases Safari Technology Preview 243 With Bug Fixes and Performance Improvements

Apple today released a new update for Safari Technology Preview, the experimental browser that was first introduced in March ...
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

Retiring? An AI agent will see you now to download your knowledge

It sounds like science fiction, but that’s how one company is trying to tackle a real workforce challenge in Canada ...
The Hacker News

Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

Silver Fox spreads ABCDoor via 1,600 phishing emails in 2026 targeting India and Russia, enabling data theft and remote ...
TMCnet

fal Launches HappyHorse-1.0, the #1-Ranked AI Video Model, as Official API Partner

Happy Horse, a new state of the art video model is now available April 27th via fal's generative media cloud for developers ...
Decrypt

You Installed Hermes. Now Make It Look Better Than ChatGPT or Claude

The terminal is fine. But if you actually want to live in your Hermes agent, here are the four best GUIs the community has ...
Morning Overview on MSN

Malicious open-source packages have surged 73% in 2026 as attackers poison the software supply chain

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...