Skip to content
[email protected] (The Hacker News) Page 7

[email protected] (The Hacker News)

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Ravie LakshmananApr 30, 2026Supply Chain Attack / Malware In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft.… 

Read More »PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

Ravie LakshmananApr 30, 2026Cloud Security / Threat Intelligence Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of… 

Read More »New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating… 

Read More »EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades
New Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major Distributions

New Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major Distributions

Ravie LakshmananApr 30, 2026Linux / Vulnerability Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The high-severity vulnerability tracked as CVE-2026-31431… 

Read More »New Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major Distributions
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Google has addressed a maximum severity security flaw in Gemini CLI — the “@google/gemini-cli” npm package and the “google-github-actions/run-gemini-cli” GitHub Actions workflow — that could have allowed attackers to execute arbitrary commands on host systems.… 

Read More »Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Ravie LakshmananApr 29, 2026Supply Chain Attack / Malware Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware. According to reports from Aikido Security, SafeDep,… 

Read More »SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic’s Claude Opus large language model (LLM). The package in question is “@validate-sdk/v2,” which… 

Read More »New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then someone in a leadership meeting asks: “So, are we actually… 

Read More »What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)