The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
Hackaday

This Week In Security: State Malware, State Hardware Bans, And Stuxnet Before Stuxnet Was Cool

Making headlines everywhere is the CopyFail Linux kernel vulnerability, which allows local privilege escalation (LPE) from any user to root privileges on most kernels and distributions. Local ...
InfoWorld

Dev with Serdar

SQLite databases live on disk as a single file, so it's tempting to think you can make database backups just by copying the file. But this doesn't ensure the copy takes into account any current ...

Critical vulnerability in Ruby's standard library ERB:attackers can execute code

The Ruby vulnerability is not easy to exploit, but allows an attacker to read sensitive data, start code, and install ...