Backdoored PyTorch Lightning package drops credential stealer

Published on May 4, 2026

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services. [...]

Continue reading on website
Other news

Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass

May 4, 2026
Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass.MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts. The

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

May 4, 2026
An active phishing campaign has been observed targeting multiple vectors since at least April 2025, with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts.The activity, codenamed VENOMOUS#HELPER, has impacted over 80 organizations, most of which are in the U.S., according to Securonix. It shares overlaps with clusters