The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
CoinJournal

TrapDoor attack targets crypto wallets, AWS keys and GitHub tokens

A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.

AI is making everyone web app builders - but leaving teams exposed

When (and why) does AI coding flip from promising to a security nightmare? Let's look under the coding hood.
51CTO

生产级 AI Agent 构建指南:MCP、CLI 与 Skills 的正确使用姿势

MCP 饱受批评的几点(Token 开销、认证缺口、Server 质量) —— 是真实但可解决的工程挑战,而非生存威胁。生态系统已经在自我修正:渐进式发现和 Code Mode 大幅降低了 Token 膨胀和延迟。 2024 年,我们在搭 Demo。 2025 年,我们在写 Coding Agent。 2026 年,我们开始把 ...