Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

An attacker compromised the npm account of a lead Axios maintainer on March 30, and used it to publish two malicious versions ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler.

A newly documented BlankGrabber infection chain is using a bogus “certificate” loader to disguise a multi-stage Windows compromise, adding another layer of deception to a commodity stealer already ...

International cybersecurity firms had been tracking a sophisticated malware strain called PXA Stealers for months, tracing it ...

近日，人工智能领域发生了一起震动全球开发者的安全事件。作为AI开发核心枢纽的LiteLLM网关遭遇供应链投毒攻击，大量使用者的密钥与敏感信息被窃取。这一事件被业界称为“教科书级别的供应链攻击”，其影响范围之广、危害程度之深，再次暴露出当前AI供应链体系的安全隐患。 LiteLLM作为AI网关，能够代理100多种大语言模型（LLM）的API，被广泛应用于AI编程与服务编排场景。目前其在GitHub上 ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch ...

OpenClaw 是一个强大的 AI Agent 开发框架，本文将详细介绍在 Windows 环境下安装和配置 OpenClaw 的完整步骤，包括环境准备、安装方法、配置验证和常见问题解决。一、环境准备二、Windows 环境安装2.1 安装 ...