网络安全研究人员发现，与朝鲜相关的Lazarus组织在npm和Python包索引(PyPI)仓库中投放了一批新的恶意软件包，这些软件包与一个虚假招聘主题活动有关。 这一协调攻击活动被命名为graphalgo，名称来源于在npm注册表中发布的第一个软件包。据评估，该活动自2025年5月以来一直处于活跃状态。 ReversingLabs研究员Karlo Zanki在报告中表示："攻击者通过Linked ...

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...

LLMRouter正是为此而来：它把路由器的训练、评测、推理与交互链路统一起来，并提供16+路由策略与一致的CLI数据流水线，让研究者能公平对比方法，让工程团队能快速落地「更聪明、更省钱」的多模型推理系统。

The pandas team has released pandas 3.0.0, a major update that changes core behaviors around string handling, memory ...

Astrix Security, the leader in AI agent security, today announced the general availability of OpenClaw Scanner, a complementary tool that detects deployments of the open-source AI assistant OpenClaw ...

Researchers have revealed that bad actors are targeting dYdX and using malicious packages to empty its user wallets.

相比原版 43 万行代码，这个 99% 的“瘦身”极其震撼。它向开发者证明了一件事：构建一个全功能的、能干活的 AI Agent，其实不需要几十万行代码的堆砌，核心逻辑其实非常纯粹。

Open source malware surged 73% in 2025, with npm as a key target with rising risks in software supply chains and developer environments.

A report from ReversingLabs reveals a massive 73% increase in malicious open-source packages in 2025, with over 10,000 threats discovered. A full 90% of the attacks targeted the software supply chain ...

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...