AI Supply Chain Alert: PyPI package `lightning` versions 2.6.2 and 2.6.3 were compromised on April 30, 2026.

Both versions contained a multi-stage credential-stealing worm targeting GitHub tokens, AWS, Azure, GCP credentials — and capable of self-propagating through npm packages and GitHub Actions workflows.

Notable: this incident may be one of the first documented real-world abuses of Claude Code hooks for malware persistence.

A MISP event is available for direct import at the bottom of the article.

https://www.cubessa.com/blog/lightning-pypi-supply-chain-incident/lightning-pypi-supply-chain-incident.html

⚡ Game On at BSides Luxembourg 2026!

AGNOLETTI & TRUMP: GAMING PLAYING TO WIN AT CYBER – @klausagnoletti Klaus Agnoletti, Ian Thornton-Trump

Step into a different kind of incident response training in this dynamic 40-minute talk that blends cybersecurity with role-playing strategy. Instead of static playbooks, this session shows how organizations can simulate real-world cyber scenarios using immersive, RPG-style exercises—turning preparation into an engaging and effective experience.

From detecting lurking threats to executing stealthy response actions, containing adversaries, and navigating high-pressure situations, this talk reimagines how teams can train for cyber incidents. Packed with humor and practical takeaways, it highlights how scenario-driven training can sharpen decision-making, improve coordination, and prepare teams to respond with confidence when it matters most.

Klaus Agnoletti @klausagnoletti is a seasoned infosec professional and co-founder of BSides København, known for his creative approach to security training and storytelling. Ian Thornton-Trump brings over 30 years of experience in cybersecurity, threat intelligence, and leadership roles, with a strong focus on building effective security operations and programs across industries.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule: https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #IncidentResponse #CyberTraining #ThreatIntelligence #BlueTeam #CyberSecurity

FOSDEM 2026 - All FOSDEM 2026 videos are online

Drone and UAV Forensic

This repository is designed to accelerate the forensic analysis of DIY FPV drones and to help automate technical reporting from seized or recovered artifacts.

The goal is pragmatic: extract useful evidence faster, normalize outputs, and produce data that can be reused in reports or shared into investigative platforms such as MISP.

🔗 https://github.com/CIRCL/Drone-Forensic

#drone #uav #opensource #dfir #threatintelligence #threatintel #misp #digitalforensics

@circl
@misp

Remember to use your #BSidesLuxembourg2026 Pretix ticket to book which workshops you want to attend, if you’re attending any. Signing up gives precedence.

Hackathon.lu 2026, held in Luxembourg on 14–15 April 2026, once again showed what makes this event special: it is not just a place to present ideas, but a place where ideas turn into code, releases, integrations, datasets, pull requests, and concrete roadmaps.

Looking across all the project updates, the overall picture is clear. This year’s edition produced more than thirty concrete project outcome threads, spanning threat intelligence, malware analysis, detection engineering, vulnerability intelligence, graph exploration, forensics, and infrastructure.

Some teams shipped releases on the spot.

Others used the two days to validate designs, harden code, identify weaknesses, or connect previously separate tools into more useful workflows.

The result is a hackathon that delivered not only new features, but also better interoperability across the open-source cybersecurity ecosystem.

#hackathon #luxembourg #opensource #cti #cybersecurity #threatintelligence

🔗 For all the details https://hackathon.lu/2026/04/24/hackathon.lu-2026-outcome/

Hackathon.lu 2026: a strong year for open cybersecurity collaboration


Hey fellow hackers and CTF players and cybersecurity enthusiasts, wanna participate in a small experiment?

I created a small CTF task designed to be solved with AI and I need to collect as much feedback as possible to determine if the core principles I used to create it are relevant.

For now, a few people I know already solved it but I definitely need more people to test it so I made it public:

https://virtualabs.fr/ctfai/

Try it, solve it, and send feedback! 😁

CTF Task Experiment

Our paper "Modeling Sparse and Bursty Vulnerability Sightings: Forecasting Under Data Constraints" is now available on arXiv:

https://arxiv.org/abs/2604.16038

And we will present it in Munich this Thursday during the FIRST CTI 2026 conference.

#FIRSTCTI #Munich #Forecasting #Vulnerability #SARIMAX #Poisson #VLAI

Modeling Sparse and Bursty Vulnerability Sightings: Forecasting Under Data Constraints

Understanding and anticipating vulnerability-related activity is a major challenge in cyber threat intelligence. This work investigates whether vulnerability sightings, such as proof-of-concept releases, detection templates, or online discussions, can be forecast over time. Building on our earlier work on VLAI, a transformer-based model that predicts vulnerability severity from textual descriptions, we examine whether severity scores can improve time-series forecasting as exogenous variables. We evaluate several approaches for short-term forecasting of sightings per vulnerability. First, we test SARIMAX models with and without log(x+1) transformations and VLAI-derived severity inputs. Although these adjustments provide limited improvements, SARIMAX remains poorly suited to sparse, short, and bursty vulnerability data. In practice, forecasts often produce overly wide confidence intervals and sometimes unrealistic negative values. To better capture the discrete and event-driven nature of sightings, we then explore count-based methods such as Poisson regression. Early results show that these models produce more stable and interpretable forecasts, especially when sightings are aggregated weekly. We also discuss simpler operational alternatives, including exponential decay functions for short forecasting horizons, to estimate future activity without requiring long historical series. Overall, this study highlights both the potential and the limitations of forecasting rare and bursty cyber events, and provides practical guidance for integrating predictive analytics into vulnerability intelligence workflows.


Spent my weekend experimenting with the Entropy Loop (#Quantum Village) — and it’s a gem.

This is not just “random noise”:
it’s quantum phase diffusion seeded by vacuum fluctuations, turned into measurable entropy via a beautifully simple interferometric design.

Built a small CLI monitor to track Hmin, bias & stability in real time — might upstream it.

Also using it today with my cybersecurity engineering students:
a $35 open-source kit that bridges quantum physics → signal processing → crypto.

“Garage quantum” is real. (source: https://github.com/QuantumVillage/EntropyLoop)

#Quantum #QRNG #Cybersecurity #OpenHardware