The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
Communications of the ACM

A Decade of Docker Containers

Container instances. Calling docker run on an OCI image results in the allocation of system resources to create a ...

恶意npm包窃取加密货币密钥和API令牌

网络安全研究人员披露了一项名为"沙虫模式"的活跃供应链蠕虫攻击活动,该活动利用至少19个恶意npm包来实施凭据收集和加密货币密钥窃取。
CSO Online

Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a ...
腾讯网

强!把OpenClaw缩小99%,砍了40万行代码!港大发布mini版Clawdbot

它用大约4000行Python代码,复刻了Clawdbot的核心智能体能力。Clawdbot的代码量是43万行,nanobot把这个数字压缩了99%。 这不是一个玩具项目。网页搜索、代码执行、文件读写、定时任务、持久记忆——一个能跑起完整"感知-决策 ...