News

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...
A newly disclosed flaw in the Cursor extension allows repositories to automatically execute code when a folder is opened, ...
Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...
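Claude Code previously held a near-monopoly on AI CLIs, but following the recent Claude controversy, many Chinese developers have said they will abandon it. At this juncture, Tencent's in-house AI CLI has arrived at just the right time; the domestic version integrates DeepSeek directly for free use, and it is fully adequate for many operations scenarios.
On September 5, US AI giant Anthropic suddenly announced a *complete ban on Chinese-controlled companies* using Claude services, even humiliating us with wording such as "adversarial nations". Just as Chinese developers were feeling humiliated and helpless, on September 10 Tencent officially released the CodeBuddy Code command-line programming tool and announced a fully open public beta ...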
On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...
Crypto intelligence platform Security Alliance released a report on Sep. 8 to reveal that Ethereum and Solana wallets have ...
On September 8, several popular npm packages were compromised after a successful phishing attack on a maintainer account.
Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...
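IT Home notes that as early as last year, Tencent Cloud launched the IDE plugin "Code Assistant CodeBuddy", which became the first code assistant in China to support the MCP protocol. In July 2025, "CodeBuddy ...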
A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. On Sept. 8, Josh Junon, a package maintainer whose account was at the ...
According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...