The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Official SAP npm packages compromised to steal credentials

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks

Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a ...
The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
Digital Trends

Do not fall for this fake Windows update support site. It’s spreading a password-stealing malware

If a website tells you to manually install a “Windows update” from a big blue download button, close that tab immediately. Malwarebytes has just spotted a fake Microsoft support website ...
TechSpot

Malware campaign lures users with fake Windows Update website

Editor's take: Microsoft has increasingly turned Windows Update into a point of frustration for some users, all while cybercriminals continue to exploit weaknesses in the Windows platform to deploy ...
Yahoo News Canada

Do not fall for this fake Windows update support site. It’s spreading a password-stealing malware

Add Yahoo as a preferred source to see more of our stories on Google. If a website tells you to manually install a “Windows update” from a big blue download button, close that tab immediately.
GIGAZINE

A zero-day vulnerability in Adobe Reader was exploited for several months.

Security researchers have reported the discovery of a zero-day vulnerability in Adobe Reader, Adobe's PDF viewing software, which is believed to be being exploited. Opening a malicious PDF file that ...