Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.
Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
A report from ReversingLabs reveals a massive 73% increase in malicious open-source packages in 2025, with over 10,000 ...
With the PyArrow library installed, pandas 3.0 interprets string columns automatically as the str data type instead of NumPy- ...
Compared with the original 430,000 lines of code, this 99% "slimming" is striking. It proves one thing to developers: building a full-featured, working AI Agent does not require piling up hundreds of thousands of lines of code; the core logic is actually very pure.
Open source malware surged 73% in 2025, with npm a key target, amid rising risks in software supply chains and developer environments.
Security researchers uncovered two vulnerabilities in the popular Python-based AI app building tool that could allow attackers to extract credentials and files — and gain a lateral edge.
The Stranger Things concept of the “Upside Down” is a useful way to think about the risks lurking in the software we all rely on.
Within 24 hours of being open-sourced, Nanobot had gained 1.3K stars, showing its strong appeal in the developer community. What is Nanobot? It can be understood as the "minimal usable Agent kernel" left after all "academic decoration" and engineering redundancy have been removed. It keeps the closed loop of capabilities a mature agent must have, including web search, file operations, scheduled tasks and a memory mechanism: small as a sparrow, but with all its organs intact.
Linux users face a new threat as cybercriminals exploit a critical vulnerability in Canonical’s Snap Store, hijacking trusted developer accounts to distribute cryptocurrency-stealing malware disguised ...
According to the firm’s latest supply chain security report, there was a 73% increase in detections of malicious open-source packages in 2025. The past year also saw a huge jump in the scope of ...
The latest enhancements to our platform empower organizations to stop third-party risk from ever entering their software code, providing them with a prevention-first approach.” Package Firewall, ...