New Checkmarx supply-chain breach affects KICS analysis tool

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...
TechJuice

SAP npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack

Multiple SAP npm packages were compromised in a supply chain attack designed to steal developer credentials and tokens.
MUO on MSN

I stopped dreading the terminal after finding these 4 tools

Adapt the old ways.
Visual Studio Magazine

VS Code Curbs Token Use Ahead of Copilot's Controversial Usage-Based Billing Switch

Just two days after GitHub announced usage-based billing for Copilot, Microsoft shipped VS Code 1.118 -- under its new weekly release cadence -- with significant token efficiency improvements designed ...
Bleeping Computer

Payouts King ransomware uses QEMU VMs to bypass endpoint security

The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security. QEMU is an open-source CPU emulator ...
Morning Overview on MSN

The PyTorch attack targeted SSH keys, AWS credentials, Kubernetes configs, Docker tokens, and crypto wallets in one sweep

Sometime in early 2026, a routine vulnerability scan turned into something far worse for machine learning teams that depend ...
Computerworld

Industry

Meta to track employee keystrokes, screen activity to train AI agents The data, gathered through a new internal tool, will be used to improve AI agents’ ability to navigate software and complete ...