As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

Malicious npm packages have been identified distributing malware that steals credentials and attempts to spread across ...

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...

又一起npm供应链攻击正在蔓延，恶意软件以蠕虫方式感染与Namastex Labs相关的多个npm包，窃取开发者环境中的令牌、API密钥、SSH密钥及云服务凭证，并将数据外传至ICP容器端点。该攻击具备自我传播能力，可识别受害者有权发布的包并注入恶意代码重新发布，还可横向感染PyPI包。安全厂商Socket指出，此次攻击与上月TeamPCP发动的CanisterWorm攻击高度重叠。

Checkmarx suffers a second supply chain attack in a month, resulting in hackers injecting credential-stealing malware into ...

Chainguard, the trusted source for open source, today announced a partnership with Cursor, the leading multi-model AI coding platform, to secure the next generation of agentic software development.

DeepSeek今日发布了DeepSeek-V4-Pro 1.6T 旗舰模型(1.86万亿参数）、及DeepSeek-V4-Flash 284B 高效模型（2840亿）。众智 FlagOS 社区第一时间对两个“巨无霸”模型进行全量适配，已经完成 ...

ThreatsDay Bulletin: active exploits, supply chain attacks, AI abuse, and stealth data risks observed this week.

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol ...

当你向 AI 提问「哪款手环最好用」，得到的答案却是一款根本不存在的产品——这不是科幻，而是 2026 年 3·15 晚会曝光的真实事件。AI 正在被「投毒」，而你我都可能是受害者。 你可能已经习惯了每天和 AI 打交道——用它搜索信息、写邮件、做翻译、辅助编程，甚至让它帮你做消费决策。AI 大模型正在变成我们的「第二大脑」，但你有没有想过：如果这个「第二大脑」被人悄悄下了毒，会怎样？ 这不是危言 ...