PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
The Hacker News

New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions

CVE-2026-31431 CVSS 7.8 flaw since 2017 enables root via 732-byte exploit, impacting major Linux distributions.

These Men Allegedly Profit Off Teaching People How to Make AI Porn

Three Arizona women have filed a lawsuit against a group of men that alleges they used the women’s photos to make AI porn ...

Hackers arrested for hijacking and selling 610,000 Roblox accounts

The Ukrainian police have arrested three individuals who hacked more than 610,000 Roblox gaming accounts and sold them for a ...

OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts

OpenAI is rolling out Advanced Account Security for people concerned that their ChatGPT or Codex accounts could be potential ...
Decrypt

OpenAI Rolls Out Advanced Account Security for ChatGPT Users

OpenAI's new opt-in security feature requires passkeys, limits recovery options, and excludes chats from training.

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
PCMag

19-Year-Old Nabbed in Ukraine for Hijacking 610,000 Roblox Accounts

The teen conspired with two friends to target the accounts by using info-stealing malware dressed up as a game-enhancing ...