Articles on devtake.dev covering Socket.https://devtake.dev/en-ushttps://devtake.dev/article/pytorch-lightning-pypi-compromise-mini-shai-hulud/https://devtake.dev/article/pytorch-lightning-pypi-compromise-mini-shai-hulud/Two malicious lightning releases hit PyPI on April 30. The 42-minute window was enough to ship an RSA-encrypted infostealer to ML developers worldwide.Sat, 02 May 2026 09:00:00 GMTsecuritypytorch-lightningpypisupply-chainmini-shai-huludcredential-theftpythonmlsecurityluca-reinhardthttps://devtake.dev/article/canisterworm-namastex-npm-pypi-supply-chain/https://devtake.dev/article/canisterworm-namastex-npm-pypi-supply-chain/Socket flagged a self-propagating worm in @automagik/genie, pgserve, and 14 sibling Namastex Labs packages. It steals 40 credential categories and republishes itself.Tue, 28 Apr 2026 16:30:00 GMTsecuritynpmsupply-chaincanisterwormsecuritynamastexteampcppypicredential-theftluca-reinhardthttps://devtake.dev/article/bitwarden-cli-shai-hulud-npm-worm/https://devtake.dev/article/bitwarden-cli-shai-hulud-npm-worm/A malicious @bitwarden/cli@2026.4.0 hit npm on April 22. The payload steals npm tokens, cloud secrets, and Claude Code credentials, then self-replicates.Thu, 23 Apr 2026 19:00:00 GMTsecuritybitwardenshai-huludnpmsupply-chainwormcredential-theftcheckmarxcicdluca-reinhardthttps://devtake.dev/article/github-fake-star-economy/https://devtake.dev/article/github-fake-star-economy/A Carnegie Mellon study counted 6 million suspected fake stars across 18,617 GitHub repos. Here's what the StarScout research actually found and how to read a star count now.Mon, 20 Apr 2026 16:00:00 GMTopen-sourcegithubfake-starsstarscoutopen-sourcesoftware-researchicse-2026supply-chainai-repossoren-vanek