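Due to a flood of AI-generated fake vulnerability reports, the well-known open-source project Node.js has officially announced that it will suspend paying cash rewards to vulnerability reporters through the HackerOne platform. The bug bounty platform HackerOne said that in recent years large numbers of users have used AI tools to scan at scale and submit vulnerability reports. This has upset the balance of the open-source community: vulnerabilities (or suspected vulnerabilities) are now being found far faster than developers can fix them. More seriously, the submissions are full of low-quality, false-positive, and even fabricated reports.
ITHome, April 13: The bug bounty platform HackerOne announced that, because large numbers of users have in recent years used AI to scan for and submit vulnerability reports, the balance of the open-source ecosystem has been upset, with vulnerability discovery and vulnerability fixing no longer keeping pace with each other, and with many fake vulnerability reports among the submissions. As a result, effective immediately, the platform's "Internet Bug Bounty" (IBB) program will stop accepting new vulnerability submissions, and this change quickly spread to multiple open-source projects. Node.js subsequently issued an announcement saying that, because the corresponding HackerOne bounty program has been paused ...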
GlassWorm malware uses a Zig-based dropper to infect developer tools, stealing data and spreading across IDEs.
New ELS offerings ensure continuous security patching and operational stability for widely used development frameworks ...
Overview: Want to master JavaScript in 2026? These beginner-friendly books make learning simple and effective. From ...
Harper 5.0 launches with an open-source core, RocksDB support, and a unified runtime for AI agents—cutting latency and ...
The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...
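Module Federation, the micro-frontend code-sharing mechanism introduced in webpack 5, has released its 2.0 stable version. This version has undergone a fairly substantial architectural refactoring, based on practical experience from ByteDance's internal infrastructure, and by Module Federation's original author Zack ...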
GlassWorm uses a fake WakaTime VS Code extension to infect IDEs, deploy RATs, and steal data, prompting urgent credential ...
A newly disclosed security flaw in Axios, one of the most widely used HTTP client libraries in the JavaScript ecosystem, has raised concern across software and cloud security teams after official ...
OpenAI is one of many organizations affected by the recent Axios supply chain attack attributed to North Korean hackers.
The Internet Bug Bounty program has paused new submissions, citing a massive expansion in vulnerability discovery by AI code ...