On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
It is exactly this backdoor that had Google conclude this was a North Korea-sponsored campaign. GTIG said WAVESHAPER.V2 is an ...
2026 年 3 月 31 日凌晨,安全研究员 Chaofan Shou 在检查 npm 包时发现了一件奇怪的事。Anthropic 刚刚发布的 Claude Code 2.1.88 版本里,多了一个约 60MB 的 `.js.map` ...
Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...
The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...
A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...
Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch ...
The US cybersecurity agency CISA has flagged a critical code injection flaw in Langflow, the open-source visual framework widely used to build AI agent ...
Threats actors pounced on the vulnerability within hours of its disclosure, demonstrating that organizations have little time ...
The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical ...
一些您可能无法访问的结果已被隐去。
显示无法访问的结果