Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
InfoQ

Ky 2.0 Fetch API Wrapper with Revamped Hooks, Smarter Timeouts, and Built-In Schema Validation

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...
51CTO

VS Code 官宣支持 Vite+?尤雨溪的下一盘大棋曝光了

很多人第一次看到这个 PR,可能会觉得:新增一个 vp 配置项,没什么大不了。但对于前端生态来说,它释放出的信号非常明确:下一代 JavaScript 工具链,正在从"多个工具拼装"走向"统一平台"。 做前端开发的,谁没被工具链体系割裂折磨过? 一个项目启动,先要 ...

Microsoft discovers new lightweight backdoor that steals cryptocurrency

Microsoft says it has detected new self-propagating malware that spreads through USB drives in search of cryptocurrency ...
The Hacker News

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 ...

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...

Iroh 1.0 turns the internet into a secure localhost

The modular networking stack Iroh reaches version 1.0. It relies on cryptographic keys instead of IP addresses for networking ...

Children vaccinated for HPV have close to zero risk of dying from cervical cancer before age 30, study suggests

Children who are vaccinated for HPV at age 12-13 have close to zero risk of dying from cervical cancer before they are 30, a study estimates.
Tencent News

当AI“探员”遇上代码难题:TokenRhythm等机构联合打造的“公平竞技场 ...

要理解这项研究的价值,得先聊聊背景。近年来,有一类AI工具越来越火,它们不只是回答问题,而是能像真人程序员一样,自主地打开文件、修改代码、运行测试、反复调试,直到把一个真实的软件问题解决掉。这类工具有个专业叫法——"代码智能体"(coding agent),OpenClaw就是其中的典型代表。