On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
A series of malicious LNK files targeting users in South Korea has been detected using a multi-stage attack chain that uses ...
The new DeepLoad malware has been distributed in ClickFix attacks to steal user credentials and install a rogue browser ...
GitHub has been drawn into another cyber threat case after researchers uncovered a multi-stage malware campaign using ...
84% of attacks abuse legitimate tools across 700,000 incidents, expanding internal attack surfaces and evading detection ...
Everything running on your PC uses system resources, so why tax it with unnecessary processes and programs you no longer need ...
Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...
OpenClaw's Node for VS Code extension proved it can support a real local file-based workflow, but on Windows the experience still feels more like early infrastructure than finished tooling.
An attacker compromised the npm account of a lead Axios maintainer on March 30, and used it to publish two malicious versions ...
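The more ironic part is that the code contains a subsystem called "Undercover Mode", built specifically to keep Anthropic internal codenames from appearing in git commits and so avoid information leaks. They carefully designed a leak-prevention mechanism, and then packaged the entire source code into npm.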