安全攻防 None 被劫持的npm和Go包使用VS Code任务部署Python Infostealer Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to dep npm packages and 2026-06-29 info@thehackernews.com (The Hacker News)
安全攻防 None Miasma 恶意软件在供应链攻击中针对 npm 包和 GitHub 操作 Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, M the and has 2026-06-26 info@thehackernews.com (The Hacker News)
安全攻防 None 恶意 npm 软件包冒充 PostCSS 工具来传播 Windows RAT Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based r packages downloads npm 2026-06-23 info@thehackernews.com (The Hacker News)
安全攻防 None 144 个 Mastra npm 软件包通过被劫持的贡献者帐户遭到破坏 As many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and Typ npm and many 2026-06-17 info@thehackernews.com (The Hacker News)
数码硬件 None 对 Ubuntu 26.10 amd64v3 软件包的性能优势进行基准测试 With Canonical engineers again experimenting with x86_64-v3 package builds for Ubuntu Linux using an "amd64v3" archive f Ubuntu amd for 2026-06-11 Michael Larabel
安全攻防 None TrapDoor 供应链攻击通过 npm、PyPI 和 CratesIO 传播窃取凭证的恶意软件 A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates。io to distrib new campaign The 2026-05-25 info@thehackernews.com (The Hacker News)
安全攻防 None Packagist 供应链攻击使用 GitHub 托管的 Linux 恶意软件感染 8 个软件包 A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code desig packages malicious code 2026-05-23 info@thehackernews.com (The Hacker News)
安全攻防 None Laravel-Lang PHP 软件包遭到破坏,可提供跨平台凭证窃取程序 Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP pack lang laravel packages 2026-05-23 info@thehackernews.com (The Hacker News)
数码硬件 None Fedora 停用其 Deepin 桌面软件包 A year after SUSE decided to remove its Deepin desktop packages over ongoing security concerns, Fedora Linux is now also packages Deepin over 2026-05-19 Michael Larabel
安全攻防 None Mini Shai-Hulud 通过受损的维护者帐户推送恶意 AntV npm 软件包 Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm attack the npm 2026-05-19 info@thehackernews.com (The Hacker News)
开源推荐 None GitHub 热门项目:packrun GitHub项目:packrun 仓库地址:https://github。com/midday-ai/packrun Stars:3841 | 作者:midday-ai 项目描述:npm for agents and humans ==== package packages packrun 2026-05-18 GitHub Trending
开源推荐 None GitHub 热门项目:关税 GitHub项目:tariff 仓库地址:https://github。com/hxu296/tariff Stars:3128 | 作者:hxu296 项目描述:The official repository for tariff === tariff import TARIFF 2026-05-18 GitHub Trending
安全攻防 None 四个恶意 npm 软件包提供 Infostealers 和 Phantom Bot DDoS 恶意软件 Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is Downloads packages the 2026-05-18 info@thehackernews.com (The Hacker News)
安全攻防 None Mini Shai-Hulud 蠕虫危害 TanStack、Mistral AI、Guardrails AI 及更多软件包 TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and the been npm 2026-05-12 info@thehackernews.com (The Hacker News)
开源推荐 None GitHub 热门项目:qrs GitHub项目:qrs 仓库地址:https://github。 data the which 2026-05-10 GitHub Trending