Google's Gary Illyes published a blog post explaining how Googlebot works as one client of a centralized crawling platform, ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access trojan to potentially millions of developer environments during a three-hour ...

Google's March core update is rolling out. Illyes explains Googlebot's crawling architecture, and Gemini referral traffic ...

网络安全研究人员发现，威胁行为者正在滥用广受欢迎的笔记工具 Obsidian 的 Shell Commands 社区插件，在不利用任何软件漏洞的情况下，悄无声息地在受害者设备上执行恶意代码。该攻击活动被追踪为 ...

Bookmarks break, this extension makes sure mine never do.

Stay ahead of the logs with our Monday Recap. We break down active Adobe 0-days, North Korean crypto stings, and critical CVEs you need to patch today ...

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and Linux.

LeakNet may be expanding its reach and scaling up, changing techniques and running campaigns directly, but the ransomware operator’s use of a repeatable post-exploitation sequence gives defenders a ...

朝鲜这个国家，在大多数人的认知里应该是相当封闭落后的。但他们的网络攻击能力，一直被严重低估。从 2014 年的索尼影业攻击，到 2017 年的 WannaCry 勒索病毒，再到这次对 npm 生态的精准打击，朝鲜黑客的技术水平和作战纪律一点也不「落后」。

事情的起点，是 npm 上发布的 Claude Code 2.1.88 安装包。包里混进了一个本不该公开的 map 文件。这类文件原本只是开发阶段的调试工具，用来在代码被压缩、打包之后，依然能把报错信息对应回原始源码中的具体位置。

The biggest stories of the day delivered to your inbox.

A U.S. Air Force Base that houses B-52 bombers capable of carrying nuclear weapons detected "multiple unauthorized drones" in its vicinity earlier this month, a base official confirmed to Fox News ...