Red Hat hit by npm supply‑chain attack - here's how to stay safe ...

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI ...

A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...

Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...

A large-scale campaign impersonates open-source and freeware project portals to redirect users through a gated TDS and ...

To reach protected secrets, the macOS and Linux versions show a fake password dialog, then reuse the captured password to ...

I’ve briefly discussed this with Dr. Stallman, but to give a fuller picture to Dr. Schestowitz: the application is fully Free software, built from the ground up using entirely peer-to-peer, and end-to ...

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...

TTVKTR open-source firmware converts old IR remote controls into presentation clickers through Raspberry Pi RP2040 USB boards ...

文丨李海伦编辑丨徐青阳美国时间6月2日，微软Build 2026开发者大会在旧金山梅森堡拉开帷幕。此次大会主题聚焦于前沿AI技术的实战应用，微软发布了一系列覆盖自研AI模型、智能体应用、操作系统安全、开发者工具、云服务及新型硬件平台的产品与更新。