Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...

OpenClaw, an open-source AI agent with a red lobster logo, has sparked a nationwide craze in China in early 2026.Unlike ...

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

事情的起点，是 npm 上发布的 Claude Code 2.1.88 安装包。包里混进了一个本不该公开的 map 文件。这类文件原本只是开发阶段的调试工具，用来在代码被压缩、打包之后，依然能把报错信息对应回原始源码中的具体位置。

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

Build your first fully functional, Java-based AI agent using familiar Spring conventions and built-in tools from Spring AI.

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

North Korean hackers used an updated version of a known backdoor to target a popular npm package.

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

A growing body of academic research warns that AI-assisted “vibe coding,” where language models assemble software from ...

2026 年 3 月 31 日凌晨，安全研究员 Chaofan Shou 在检查 npm 包时发现了一件奇怪的事。 Anthropic 刚刚发布的 Claude Code 2.1.88 版本里，多了一个约 60MB 的 `.js.map` ...