A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...

讨论主题：Fable 5参与嘉宾：拾象 Best Ideas 社群Fable 5 是过去半年最受市场期待的模型，而在真正发布之后，它又迅速成为“最具争议”的模型。除了安全禁令外，它的使用体验反差也相当明显：在一些任务里，Fable 5 ...

A fresh wave of phishing emails is exploiting a blind spot in enterprise email security tools — one that most organizations have not closed — by disguising executable JavaScript inside SVG image files ...

The malware blends data theft with remote code execution, “turning a financially motivated stealer into a lightweight backdoor,” Microsoft said. Microsoft Threat Intelligence is warning Windows users ...

The Windows-based CryptoBandits cryptocurrency clipper blends data exfiltration and remote code execution in a backdoor.

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. Miasma appears to be an evolution ...

This week’s cybersecurity recap covers Firefox and Chrome bugs, EDR-killer tools, a TV botnet, an OpenBSD flaw, Android ...

Fable 5 是过去半年最受市场期待的模型，而在真正发布之后，它又迅速成为“最具争议”的模型。除了安全禁令外，它的使用体验反差也相当明显：在一些任务里，Fable 5 更像一位能独立推进任务的同事，而不再是只会执行的实习生；与此同时，也有一部分开发者却给出相反结论：在很多真实生产任务里，它并没有带来底层智能的质变。 评价的两极其实并不矛盾：只有在高价值任务上，模型的上限才看得见；在那些已经“够用 ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.