An elevation of privilege vulnerability in the Windows NTLM authentication protocol and a flaw in Office’s Preview Pain are ...

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

9月9日，腾讯发布AI CLI工具CodeBuddy Code，并宣布CodeBuddy IDE开启公测，面向所有用户开放使用，无需邀请码。

Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...

9月5日，美国AI巨头Anthropic突然宣布*全面封禁中国控股公司*使用Claude服务，甚至用“敌对国家”这样的字眼羞辱我们。就在中国开发者倍感屈辱和无奈之时，9月10日，腾讯正式发布CodeBuddy Code命令行编程工具，宣布全面开放公测 ...

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

Crypto intelligence platform Security Alliance released a report on Sep. 8 to reveal that Ethereum and Solana wallets have ...

On September 8, several popular npm packages were compromised after a successful phishing attack on a maintainer account.

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...

IT之家注意到，早在去年，腾讯云就推出 IDE 插件「代码助手 CodeBuddy」，成为国内首个支持 MCP 协议的代码助手。2025 年 7 月，「CodeBuddy ...

A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. On Sept. 8, Josh Junon, a package maintainer whose account was at the ...

According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...