The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Second Thomas Dambo troll installation coming to Southeast Wisconsin

Preview this article 1 min The large wooden troll sculptures by the Danish artist are viewed as a tourism draw. Thursday, May ...

After a year of revisions and six meetings, German Village project goes up for a vote

A developer will finally see if a multifamily project can be built in German Village after a year-long process.
InfoWorld

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...

The never-ending supply chain attacks worm into SAP npm packages, other dev tools

Attackers infected all versions with the same credential-stealing malware that, on Wednesday, poisoned multiple npm packages ...
Cryptopolitan on MSN

Crypto devs face new threat from Claude-based malware

A threat group planted a malicious npm package in a crypto trading project through an AI-generated commit by Anthropic's ...
La Crosse Tribune

Hwy. 16 lane closures expected for La Crosse water pipe installation

La Crosse is preparing to install 2.2 miles of water piping along Highway 16, pending approval from the state Public Service ...
Dark Reading

TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack

Several npm packages for SAP's cloud application development ecosystem have been compromised as TeamPCP's supply chain ...
The Caledonian-Record

Port Houston Awarded $48 million MARAD Grant for Bayport Terminal Expansion and Enhancements

Port Houston has been awarded a $48 million federal grant to support the construction of a new container yard and the ...
Cryptopolitan on MSN

Hacker target the OpenVSX ecosystem to steal crypto wallets

GlassWorm, a known malware, has put 73 harmful extensions into OpenVSX's registry. Hackers use it to steal developers' crypto ...
The Hacker News

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.
GovInfoSecurity

Socket Buys Secure Annex to Expand Supply-Chain Visibility

Socket’s acquisition of Secure Annex extends software supply-chain security beyond open-source dependencies into browser and ...