Anthropic’s leak of proprietary Claude Code sparked the developer community to group around “claw-code,” the fastest-growing ...

IntroductionOn March 31, 2026, Anthropic accidentally exposed the full source code of Claude Code (its flagship ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler.

Security teams are scrambling after two malicious releases of the Telnyx Python SDK were uploaded to PyPI on March 27, turning a widely used developer tool into a credential-stealing backdoor that ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

A newly documented BlankGrabber infection chain is using a bogus “certificate” loader to disguise a multi-stage Windows compromise, adding another layer of deception to a commodity stealer already ...

TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch ...

本次案例正是最好的警示：一个看似正常的扩展插件，险些将病毒带入系统。这充分说明，只要智能体仍在与系统交互、仍在联网运行，运行时的动态防御就绝不能缺失——危险往往藏在“正常操作”背后。此次事件之所以未造成实际影响，关键在于天珣EDR For ...

朝鲜这个国家，在大多数人的认知里应该是相当封闭落后的。但他们的网络攻击能力，一直被严重低估。从 2014 年的索尼影业攻击，到 2017 年的 WannaCry 勒索病毒，再到这次对 npm 生态的精准打击，朝鲜黑客的技术水平和作战纪律一点也不「落后 ...