CSO Online

TrapDoor malware campaign puts developer workstations in CISO spotlight

Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.
Crowdfund Insider

Malware : New ‘TrapDoor’ Supply Chain Attack Reportedly Targets Blockchain and Crypto ...

The malware employs ecosystem-specific techniques for execution. On npm, many packages use post-install hooks to deploy a comprehensive JavaScript payload ...
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
Tech Times

npm Supply Chain Attacks Hit GitHub: 2FA Approval Gate Now Blocks Stolen CI Tokens

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...
CoinJournal

TrapDoor attack targets crypto wallets, AWS keys and GitHub tokens

A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.
Le Lézard

Cloud Native Computing Foundation Announces OpenTelemetry's Graduation, Solidifying Status ...

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, today announced the graduation of OpenTelemetry, a vendor-neutral, open source ...

API降价还不够?DeepSeek V4 账单再打折:四亿Token只花12刀!冲上HN热榜 ...

小编就去扒了一下 Reasonix 的来龙去脉:Reasonix 在4月21号出现在 Github,随后被 DeepSeek 收录官方文档。 图片 前两天 Deepseek 宣布 V4-Pro 模型API价格永久降价,围绕“低成本长上下文 Agent”的讨论被点燃。 图片 借着这股东风,Reasonix 的热度直接暴涨。截至今天,DeepSeek‑Reasonix 在 Github 上已经获得 7 ...
51CTO

一秒吐400个token的GLM-5.1-HighSpeed为什么这么快!?

根据官方说明,GLM-5.1-HighSpeed 使用的是完整旗舰模型,并未通过缩小模型规模来换取速度。它在8×H200 NVL服务器上实现了这一惊人表现,实际生产环境已上线,可直接服务真实用户流量。对比目前主流的 Gemini-3.5-Flash 等模型,GLM-5.1-HighSpeed 在速度上实现了大幅领先。