The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

I vibe coded a feed reading web app. It was enlightening and uncomfortable

Back in 2019, AI attracted attention for producing quirky, weird content. By 2022, it was producing occasionally passable ...
The Hacker News

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

Over 1,000 exposed ComfyUI instances exploited via unauthenticated code execution, enabling Monero mining and botnet expansion.

Two different attackers poisoned popular open source tools - and showed us the future of ...

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...
InfoWorld

GitHub Copilot CLI adds Rubber Duck review agent

Rubber Duck uses a second model from a different AI family to evaluate the primary agent’s plans, question assumptions, and ...
腾讯网

36个恶意npm包利用Redis和PostgreSQL部署持久化植入程序

网络安全研究人员在npm注册表中发现了36个恶意包,这些包伪装成Strapi CMS插件,但携带不同的有效载荷,用于Redis和PostgreSQL利用、部署反向Shell、收集凭据并投放持久化植入程序。
The Next Web

Hackers breached the European Commission by poisoning the security tool it used to protect ...

CERT-EU attributed a 92 GB data breach at the European Commission to TeamPCP, which compromised the Trivy security scanner in ...
腾讯网

去你的「同事.Skill」

「同事.Skill」也会导致同类效果:你的劳动产出,终究是在为那个终将取代我们的Skill提供养料。你习得的技能越多越强,炼成的「同事.Skill」没准就越丰富多样,你被替代的可能兴许就会越高。

CNCF's Dapr Agents Tackles The Problem Most AI Frameworks Ignore

CNCF launches Dapr Agents v1.0 at KubeCon EU, prioritizing crash recovery and durability over intelligence. Zeiss validates ...

大厂笔试新陷阱:90%的人倒在这3类题上,LeetCode不考了?

又是一年秋招季。前几天,一位刚结束某大厂笔试的学弟找我诉苦:“学长,我LeetCode刷了快500道,周赛能稳定三题,结果昨天的笔试直接给我整不会了。” 我问他考了什么。 “第一道算法题我10分钟AC了,还挺得意。结果第二页弹出来一个什么‘系统设计选择题’,第三页是一个‘代码纠错+重构’的综合题,最后还来了个‘业务场景分析’——让我分析一个秒杀系统的流量峰值问题,然后写出关键代码片段。” “我感觉 ...