socket.dev
news
socket.dev
IrregularChat: Purple Team
4w ago
Socket’s threat research team uncovered a new PyPI wave tied to the broader Mini Shai-Hulud, Miasma, and Hades supply chain campaign. The latest wave adds 23 newly identified package-version artifacts
Semgrep reports that the PyPI package **lightning**—a widely used deep learning framework for training and inference—was compromised in versions **2.6.2** and **2.6.3** in a supply chain attack publis