The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
The Hacker News

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

GitHub facades and Ethereum smart contracts power a March 2026 admin-targeted campaign, enabling resilient C2 rotation and ...

A new Tampa startup accelerator program to launch this fall

A new statewide startup accelerator program backed by Florida's most influential business leaders is taking shape with Tampa ...

Dayton International Airport secures $18M for freight flow improvement project

More than $17 million in state funding will target freight flow and congestion around Dayton International Airport to improve ...

The never-ending supply chain attacks worm into SAP npm packages, other dev tools

Attackers infected all versions with the same credential-stealing malware that, on Wednesday, poisoned multiple npm packages ...
The Caledonian-Record

Town Takes Next Steps To Refill Recreational Pond

After Sugar Hill’s Coffin Pond was drained in March following the state’s removal of a failing decades-old dam, new strides ...
SecurityWeek

UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware

UNC6692 relies on email bombing and social engineering to infect victims with Snow malware: Snowbelt, Snowglaze, and ...
CSO Online

More fake extensions linked to GlassWorm found in Open VSX code marketplace

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has ...
Winona Daily News

Hwy. 16 lane closures expected for La Crosse water pipe installation

La Crosse is preparing to install 2.2 miles of water piping along Highway 16, pending approval from the state Public Service ...

GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions

A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious ...
InfoWorld

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...
Security Boulevard

Networks of Browser Extensions Are Spyware in Disguise

Modern browser extensions and ad blockers are legally collecting and reselling user data, including streaming habits and B2B sales intelligence, under the guise of "analytics." This unregulated "legal ...