As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

Malicious npm packages have been identified distributing malware that steals credentials and attempts to spread across ...

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...

Checkmarx suffers a second supply chain attack in a month, resulting in hackers injecting credential-stealing malware into ...

又一起npm供应链攻击正在蔓延，恶意软件以蠕虫方式感染与Namastex Labs相关的多个npm包，窃取开发者环境中的令牌、API密钥、SSH密钥及云服务凭证，并将数据外传至ICP容器端点。该攻击具备自我传播能力，可识别受害者有权发布的包并注入恶意代码重新发布，还可横向感染PyPI包。安全厂商Socket指出，此次攻击与上月TeamPCP发动的CanisterWorm攻击高度重叠。

Chainguard, the trusted source for open source, today announced a partnership with Cursor, the leading multi-model AI coding platform, to secure the next generation of agentic software development.

FlagGems 作为全球最大的 Triton 单一算子库，已拥有超过400 个大模型常用算子，并已正式进入 PyTorch 基金会生态合作项目。在 40 个主流模型上，推理任务算子覆盖度达到 90%~100%，完整支持 ...

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol ...

当你向 AI 提问「哪款手环最好用」，得到的答案却是一款根本不存在的产品——这不是科幻，而是 2026 年 3·15 晚会曝光的真实事件。AI 正在被「投毒」，而你我都可能是受害者。 你可能已经习惯了每天和 AI 打交道——用它搜索信息、写邮件、做翻译、辅助编程，甚至让它帮你做消费决策。AI 大模型正在变成我们的「第二大脑」，但你有没有想过：如果这个「第二大脑」被人悄悄下了毒，会怎样？ 这不是危言 ...