An elevation of privilege vulnerability in the Windows NTLM authentication protocol and a flaw in Office’s Preview Pain are ...

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...

之前Claude Code几乎垄断AI CLI，但伴随着最近Claude作妖事件，也让中国开发者纷纷表示要弃用。这个节骨眼上，腾讯自研的AI CLI出来得刚刚好，而且国内版直接集成DeepSeek免费使用，在很多运维场景中也完全够用了。

9月5日，美国AI巨头Anthropic突然宣布*全面封禁中国控股公司*使用Claude服务，甚至用“敌对国家”这样的字眼羞辱我们。就在中国开发者倍感屈辱和无奈之时，9月10日，腾讯正式发布CodeBuddy Code命令行编程工具，宣布全面开放公测 ...

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

Crypto intelligence platform Security Alliance released a report on Sep. 8 to reveal that Ethereum and Solana wallets have ...

On September 8, several popular npm packages were compromised after a successful phishing attack on a maintainer account.

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...

IT之家注意到，早在去年，腾讯云就推出 IDE 插件「代码助手 CodeBuddy」，成为国内首个支持 MCP 协议的代码助手。2025 年 7 月，「CodeBuddy IDE」作为独立产品内测，主打「对话即编程」，用户无需代码基础，通过自然语言即可完成应用从构思到部署的全流程。

A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. On Sept. 8, Josh Junon, a package maintainer whose account was at the ...

According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...