过去一年，主流 AI Agent 平台几乎都引入了沙箱机制，但模式如出一辙：用容器或微虚拟机封装，套上硬件隔离，然后对外宣称"安全"。资本涌向"军事级隔离"概念的 AI 基础设施公司，工程团队花数月时间对接 ...

Over 1,000 exposed ComfyUI instances exploited via unauthenticated code execution, enabling Monero mining and botnet expansion.

All in all, your first RESTful API in Python is about piecing together clear endpoints, matching them with the right HTTP ...

网络安全研究人员在npm注册表中发现了36个恶意包，这些包伪装成Strapi CMS插件，但携带不同的有效载荷，用于Redis和PostgreSQL利用、部署反向Shell、收集凭据并投放持久化植入程序。

A prolific cybercrime group has been weaponizing n-day and zero-day exploits in high-tempo Medusa ransomware attacks over the ...

The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize ...

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

如果你最近在用OpenClaw跑Agent、装Skill，或者即便只是正常装了几个常见依赖，那你可得好好注意了！ 今日，资深开发者Daniel Hnyk在社交平台X上紧急发文警告称：LiteLLM的PyPI官方发布版本1.82.8已被注入恶意代码，并着重强调“DONOTUPDATE”（请勿更新）。 随后OpenAI联合创始人、前特斯拉AI主管Andrej Karpathy也亲自发帖称：“软件恐怖事 ...

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software horror\"—and the details are ge.