国家网络与信息安全信息通报中心通报：主流JavaScript软件包管理平台npm遭供应链投毒攻击 ...

新京报讯 据国家网络安全通报中心消息，监测发现，全球主流JavaScript软件包管理平台npm遭“沙虫”（Shai-Hulud）供应链投毒攻击。攻击者攻陷了npm官方维护者账户，并在短时间内批量投放大量恶意软件包，涉及300余个独立程序包的600余个恶意版本，影响多个热门开源项目。当开发者安装恶意依赖包后，程序会自动在本地主机、CI/CD流水线环境执行恶意代码，窃取GitHub Token、np ...

North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...

The Drupal Security Team’s Monday PSA announcing the imminent patch for Drupal core doesn’t include any specifics, with the ...

Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings ...

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...

Teacher’s guide learning modules and self-assessment tools for students are part of the third annual Student Guide to Artificial Intelligence, a production of Elon University, the ...

Learn how a single JavaScript Date() timezone mistake silently corrupts web apps and how to fix timestamp bugs in JS, Python, ...

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

(Nasdaq: KLTR), the Agentic Digital Experience company, today announced the open-source release of a suite of AI agent skills - structured, production-tested knowledge modules that enable AI coding ...