Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
Compliance continues to drive adoption of trusted open source: We saw the same themes from December present here, underscored ...
EDB Postgres ...
Proprietary warehouses delivered scale — but at the cost of control, predictable pricing, and real flexibility. Enterprises are doing the math.
The web framework IHP 1.5.0 brings a new database layer, significant performance gains, and an improved modular architecture.
Apple's freshly minted iOS 26.4 packs more punch than a double-shot macchiato. Headlining the release is Playlist Playground ...
After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
XDA Developers on MSN
A popular Python library just became a backdoor to your entire machine
Supply chain attacks feel like they're becoming more and more common.
至顶头条 on MSN
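Trivy supply chain attack triggers spread of CanisterWorm worm to 47 npm packages
The threat actors behind the supply chain attack on the popular scanning tool Trivy are suspected of carrying out follow-on attacks, leaving a large number of npm packages infected with a self-propagating worm named CanisterWorm. The malware uses an ICP canister as a dead-drop resolver for its command-and-control server, the first publicly documented case of abusing an ICP canister to obtain a C2 server. Affected packages include multiple packages in the EmilGroup and opengov scopes. The infection chain executes a loader via a postinstall hook, dropping a Python backdoor that contacts the ICP ...
In 2026, as enterprise digital transformation deepens, open-source ERP, with core advantages such as zero licensing cost, high customization flexibility, and full-chain autonomous control, has become the preferred option for enterprises of all sizes, covering general scenarios such as finance, supply chain, and production while also adapting to the individualized management needs of specialized fields. This article, taking industry differences into account, selects 6 mainstream open-source ...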
The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...