The PyPI package 'lightning', versions 2.6.2 and 2.6.3, was compromised in a supply chain attack, affecting users of the PyTorch Lightning AI training library. The malicious versions include a hidden _runtime directory containing obfuscated JavaScript that activates upon running pip install lightning.
semgrep.dev
6 min
4/30/2026
A supply chain attack compromised 30 WordPress plugins, including Countdown Timer Ultimate, after a trusted developer was acquired by a new owner. The WordPress.org Plugins Team issued a security notice regarding the malicious backdoor found in these plugins.
anchor.host
7 min
4/13/2026
On February 2, 2026, Notepad++ developers reported a compromise of their update infrastructure due to a hosting provider incident between June and September 2025. Attackers maintained access to internal services until December 2025, leading to multiple execution chains and payloads.
securelist.com
13 min
2/3/2026