Morning Overview on MSN

Malicious open-source packages have surged 73% in 2026 as attackers poison the software supply chain

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...
The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

Online archives of over 20 years of tech reporting | The Register

Dive into The Register's online archive of incisive tech news reporting, features, and analysis dating back to 1998 ...

Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...
The Hacker News

⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

Critical cPanel flaw under attack, Copy Fail Linux privilege escalation, TeamPCP supply chain campaign, GitHub RCE & major ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
u

Litecoin Shares Update on Zero Day Exploit: What Happened?

Litecoin took a 13-block reorg with developers issuing an update on the incident. Disclaimer: The opinions expressed by our writers are their own and do not represent the views of U.Today. The ...
consilium.europa

Russia’s war of aggression against Ukraine: 20th round of stern EU sanctions hits energy revenues, military-industrial complex, trade and financial services, including crypto

The Council today adopted a far-reaching 20th package of restrictive measures comprising 120 further individual listings – the biggest package of listings in two years – and stern, multi-layered ...
https//beincrypto.com

Aave Leads DeFi United Coalition After $292 Million KelpDAO Exploit

Aave's DeFi United rallies industry giants to restore rsETH after KelpDAO hack. Lido, EtherFi, Ethena and Golem back Kulechov's 5,000 ETH personal commitment. Aave deposits fell from $45.8B to $28.6B ...
crypto

Lido joins DeFi relief push after $292M Kelp exploit

Lido Labs has asked the Lido DAO to approve the use of up to 2,500 stETH, worth about $5.8 million, to help reduce the rsETH shortfall caused by the recent Kelp exploit. The proposal says the funds ...
The New York Times

DeepSeek’s Sequel Set to Extend China’s Reach in Open-Source A.I.

Chinese companies have embraced making their most advanced artificial intelligence models available to all. The Chinese start-up DeepSeek shook the industry in January 2025 with its claim that it had ...