A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

A hands-on test found that OpenClaw can work with VS Code for file-based drafting and source-driven synthesis, but the current experience is still centered on a local gateway and workspace model rathe ...

The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize ...

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

Claude Code可以说是编程人必备的了，没用过的都不好意思说自己是程序员Claude Code很多人用了很久都没发挥它的真正实力 ——不会配置 = 浪费 90% 能力：MCP ...

North Korean hackers used an updated version of a known backdoor to target a popular npm package.

朝鲜这个国家，在大多数人的认知里应该是相当封闭落后的。但他们的网络攻击能力，一直被严重低估。从 2014 年的索尼影业攻击，到 2017 年的 WannaCry 勒索病毒，再到这次对 npm 生态的精准打击，朝鲜黑客的技术水平和作战纪律一点也不「落后 ...

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...