The Hacker News

⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

Your Monday cybersecurity recap covers the latest digital threats, exposed weaknesses, active attacks, and security stories ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
51CTO

1%大佬卷出46倍差距!Cursor首份开发者习惯报告发布:PR新增代码量 ...

我们都知道,写代码正在被 AI 彻底重构,而现在到底处于 AI 开发的哪个阶段呢? 近期,Cursor 发布了一份《开发者习惯报告》,2026 年春季版,是它的首份此类报告。 基于全球范围内的 AI Coding 数据集,也就是 Cursor 的开发者使用数据,他们从五个维度分析 ...
Hackaday

This Week In Security: Ubiquiti Fixes, And FreeBSD Joins The Club You Don’t Want To Join

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...
腾讯网

Claude Opus 4.8问世,Anthropic估值暴涨至9650亿美元

机器之心编辑部本周五凌晨,Anthropic 正式发布了最新一代大模型 Claude Opus 4.8。Anthropic 表示,新模型构建于 Opus 4.7 ...
51CTO

用了半年才发现:Claude默认配置一直在悄悄掏空我的钱包,分享18个 ...

当 AI 帮你写 SQL、做分析的时候,谁来判断它做得对不对?今天聊聊大模型领域的“裁判模型”如何让数据 Agent 不再是“薛定谔的准确”。 扒完Claude的125个隐藏设置:18个真正能改命的开关,4个连官方文档都没收录。 Anthropic 给 Claude Code 的 settings.json 塞了 125 ...
Tech Times

npm Supply Chain Attacks Hit GitHub: 2FA Approval Gate Now Blocks Stolen CI Tokens

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...
CoinJournal

TrapDoor attack targets crypto wallets, AWS keys and GitHub tokens

A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.
Crowdfund Insider

Malware : New ‘TrapDoor’ Supply Chain Attack Reportedly Targets Blockchain and Crypto ...

The malware employs ecosystem-specific techniques for execution. On npm, many packages use post-install hooks to deploy a comprehensive JavaScript payload ...
Le Lézard

Cloud Native Computing Foundation Announces OpenTelemetry's Graduation, Solidifying Status ...

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, today announced the graduation of OpenTelemetry, a vendor-neutral, open source ...
Cosmetics Business

What are the best foundation shade matching technologies in 2026?

Finding the perfect foundation shade online has always been one of the biggest challenges in beauty e-commerce. Differences ...

Markdown已过时?Claude Code工程师、卡帕西纷纷力挺HTML

“说实话,我现在几乎完全不用 Markdown 了。” “说实话,我现在几乎完全不用 Markdown 了。” 最近,Anthropic 旗下 Claude Code 的工程师 Thariq Shihipar 撰写了一篇引人深思的文章,他表示:“自己如今更倾向于让 Claude 直接输出 HTML,而不是过去默认的 Markdown。” 这番表态,在 AI 开发者圈子里引发了不小讨论。 有人觉得, ...