51CTO

Claude Code 完全指南:从 Slash Commands 到 Skills 的演进

Slash Commands 正是为了解决这个问题而诞生的。表面上看,它们只是以 / 开头的命令,但其背后其实是一个带有一组 workflow 约定的具名任务入口。这也是本文将继续探讨的主题。 深入了解 Claude Code 中 Slash Commands 的作用、局限,以及它们为何正在被吸收到 Skill ...
Wired

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the ...
SiliconANGLE

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code ...

Hackers exfiltrated roughly 3,800 of GitHub Inc.’s internal code repositories after one of its employees installed a poisoned Visual Studio Code extension, the Microsoft Corp.-owned developer platform ...
VentureBeat

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply ...

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
The Next Web

GitHub confirms hackers stole thousands of internal code repositories after employee ...

GitHub confirmed that the cybercrime group TeamPCP exfiltrated roughly 3,800 internal code repositories after compromising an employee device through a poisoned VS Code extension. The Microsoft-owned ...
The Verge

GitHub rushed to fix a critical vulnerability in less than six hours

A critical remote code execution vulnerability was discovered using an AI model and patched within hours. A critical remote code execution vulnerability was discovered using an AI model and patched ...
SecurityWeek

Critical GitHub Vulnerability Exposed Millions of Repositories

The remote code execution flaw CVE-2026-3854 was found to impact GitHub.com and GitHub Enterprise Server. Researchers at cloud security giant Wiz discovered a critical remote code execution ...
Ars Technica

Anthropic says its leak-focused DMCA effort unintentionally hit legit GitHub forks

An Anthropic-backed DMCA effort to remove its recently leaked Claude Code client source code from GitHub this week resulted in the accidental removal of many legitimate forks of its official public ...
TechCrunch

Anthropic took down thousands of GitHub repos trying to yank its leaked source code — a ...

Anthropic accidentally caused thousands of code repositories on GitHub to be taken down while trying to pull copies of its most popular product’s source code off the internet. On Tuesday, a software ...
Bleeping Computer

Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading ...
Bleeping Computer

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...