On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

朝鲜这个国家，在大多数人的认知里应该是相当封闭落后的。但他们的网络攻击能力，一直被严重低估。从 2014 年的索尼影业攻击，到 2017 年的 WannaCry 勒索病毒，再到这次对 npm 生态的精准打击，朝鲜黑客的技术水平和作战纪律一点也不「落后 ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Claude Code可以说是编程人必备的了，没用过的都不好意思说自己是程序员Claude Code很多人用了很久都没发挥它的真正实力 ——不会配置 = 浪费 90% 能力：MCP ...

Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain. The attack typically begins when a victim downloads a business-themed ZIP ...

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.

py-powershell is a modern, lightweight Python wrapper that provides seamless integration with PowerShell sessions. Built for developers who need reliable, persistent PowerShell automation in their ...

Abstract: Programming language source code vulnerability mining is crucial to improving the security of software systems, but current research is mostly focused on the C language field, with little ...

PythoC lets you use Python as a C code generator, but with more features and flexibility than Cython provides. Here’s a first look at the new C code generator for Python. Python and C share more than ...

Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. As Microsoft ...