Ubuntu services hit by outages after DDoS attack

A group of hacktivists have claimed responsibility for a distributed denial-of-service attack, which has affected several ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

The most severe Linux threat to surface in years catches the world flat-footed

Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of ...
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

Are we ready to give AI agents the keys to the cloud? Cloudflare thinks so

As agents are given permission to handle provisioning, billing, and deployment, enterprises face new challenges around ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
Morning Overview on MSN

PyTorch Lightning versions 2.6.2 and 2.6.3 were compromised on April 30 — check your installs

On April 30, 2026, someone slipped credential-stealing malware into two freshly published versions of PyTorch Lightning, one ...
Security Boulevard

Attacking the MCP Trust Boundary

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol ...

Claude Desktop changes app access settings for browsers you don't even have installed yet

Yet Anthropic's Claude Desktop for macOS installs files that affect other vendors' applications without disclosure, even before those applications have been installed, and authorizes browser ...
SecurityWeek

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Over 1,800 developers were affected by the Mini Shai-Hulud supply chain attack that hit the PyPi, NPM, and PHP ecosystems ...
WeLiveSecurity

GopherWhisper: A burrow full of malware

ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian ...
Bdaily

Five Common Vulnerabilities Found in Today's Mobile Apps

Most people install an app, grant it a few permissions, and never give its security another thought. But behind the… | ...