InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...

The never-ending supply chain attacks worm into SAP npm packages, other dev tools

The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Intercom ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
The Hacker News

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

GitHub facades and Ethereum smart contracts power a March 2026 admin-targeted campaign, enabling resilient C2 rotation and ...
TMCnet

Jscrambler Announces Industry's First AI Assistant to Streamline PCI DSS Script Authorization Workflows

New AI Innovation Combines Risk-based Insights, Actionable Recommendations, Instant Justifications, and Interactive Chat to Accelerate Compliance with PCI DSS v4 Anti-Skimming Requirements PORTO, ...
TechCrunch

North Korean hackers stole over $2 billion in crypto so far in 2025, researchers say

Hackers working for the North Korean government have stolen more than $2 billion in crypto so far this year, according to blockchain analysis firm Elliptic. On Tuesday, Elliptic published a blog post ...
CSOonline

Evolved PXA Stealer wraps PureRAT in multi-layer obfuscation

Security researchers have uncovered a Vietnamese threat group evolving from their custom PXA Stealer campaign into a multi-layered delivery chain dropping PureRAT, a feature-rich remote access trojan.