On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

The String is weekly think radio featuring conversations and features on culture, media and American music - anchored by veteran journalist and broadcaster Craig Havighurst. Music makers, enablers, ...

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

这不是一篇抨击文章。任何代码库都有技术债。但 Claude Code 是一个可以在你本机执行任意命令的产品，而它背后的公司融资超过 100 亿美元。有些设计选择，值得被公开讨论。 JSX 的嵌套深度达到 22 层（第 4604 行）。条件分支超过 ...

You should grab a stiff drink before reading this.

New research suggests that the making of string figures, a globally documented practice, may point to shared cultural heritage stretching back millennia. The research offers a new way to investigate ...

Turns out Windows errors can speak English. Who knew?

ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are ...

更讽刺的地方在于，代码里有一个叫"Undercover Mode"的子系统，专门用来防止 Anthropic 内部代号出现在 git commit 里，避免信息泄露。他们精心设计了防泄露机制，然后把整个源码打包进了 npm。

Cybersecurity researchers at Kaspersky’s Global Research and Analysis Team (GReAT) have spotlighted a highly evolved banking Trojan.