Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

Malicious code inserted into four SAP-related npm packages exposed developer workstations and automated build systems to credential theft, marking a sharp escalation in attacks against open-source ...

币界网消息，知名风投a16z昨日在社交平台发布图表，称OpenAI的Codex单周安装量飙升至8610万次，以10倍优势「碾压」Anthropic的Claude Code。Claude Code负责人Boris ...

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...

Several SAP npm packages were exposed to a supply chain attack. The hacker group TeamPCP is behind it, say security ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

npmx （一个开源的 npm 注册表包浏览器）发布 Alpha 版本。与官方的 npmjs.com 界面相比，该浏览器速度更快、功能更丰富。该项目由 Nuxt 核心团队负责人 Daniel Roe 发起，自今年 1 月以来已经吸引了超过 250 名贡献者，并获得了 3000 个 GitHub 星标。 该项目源于一个 Bluesky 讨论帖，Roe ...

币界网消息，Axios报道，由于供应链攻击，OpenAI的macOS签名证书将于明天（5月8日）正式吊销，届时未更新的ChatGPT Desktop、Codex、Codex ...