No more fighting an endless article backlog.

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across ...

最近半年，AI Agent的热度居高不下，但很多Java团队却陷入了一个尴尬的境地：Python生态的AI框架（LangChain、AutoGen）确实强大。 但要接入现有的Spring ...

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching ...

针对流行扫描工具Trivy的供应链攻击背后的威胁行为者疑似正在进行后续攻击，导致大量npm包遭到一种名为CanisterWorm的自传播蠕虫感染。该恶意软件利用ICP容器作为命令控制服务器的死信箱解析器，这是首次公开记录的滥用ICP容器获取C2服务器的案例。受影响的包包括EmilGroup和opengov范围内的多个包。感染链通过postinstall钩子执行加载器，投放Python后门联系ICP ...

QCon London A member of Anthropic's AI reliability engineering team spoke at QCon London on why Claude excels at finding ...

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were ...

Threat actors have demonstrated just how quickly they operate today after exploiting a critical open source vulnerability ...

Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.

At QCon London 2026, Suhail Patel, a principal engineer at Monzo who leads the bank’s platform group, described how the bank ...

Panther today announced the general availability of its complete AI SOC Platform, a new category of security operations built around a closed loop. AI agents don't just investigate alerts. They ...

目前尚不清楚谁是攻击背后的黑手，尽管有迹象表明被称为TeamPCP的威胁行为者可能是幕后黑手。这一评估基于凭证收集器在源代码中自我识别为"TeamPCP Cloud ...