在开源生态高度繁荣的今天，一行代码、一个权限、一款插件，都可能成为引爆供应链安全危机的导火索。本文作者亲历了自己维护 8 年的知名开源项目 Neutralinojs 遭遇恶意攻击，且他的经历并非个例，而是一个典型信号：供应链攻击已经从“攻击代码”，演变为“攻击信任关系”。它不再依赖传统Bug，而是潜伏在协作者权限、开发流程乃至 AI 插件生态之中，悄无声息地发生。 很多时候，我们总是担心想象中的风 ...

There’s a growing body of data showing the tariffs President Donald Trump said would help American factories are, in fact, squashing many of them. Take, for example, Allen Engineering, which ...

A large-scale GlassWorm malware campaign targeting developer platforms appears to be significantly more extensive and sophisticated than previously ...

LeakNet ransomware uses ClickFix attacks on hacked sites to trick users into running malicious commands and stealing data.

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

The phishing site it is not affiliated with Igloo Inc or Pudgy Penguins, but is designed to lure fans and steal their crypto passwords.