Merck cut a drug discovery cycle by 33% and ships compliant marketing 80% faster. Mastercard is rethinking fraud disputes.

Google AI Studio lets users test Gemini models, build apps, generate media, and export code. Here’s what it does, costs, and ...

The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.

插件系统的核心价值是"打包复用"——将 Skills、Hooks、Agents、MCP 捆绑为单个可安装单元，跨项目共享与分发。新手建议先掌握命令、代理、技能三个低难度组件，进阶后再学习钩子、MCP/LSP 服务器的配置，逐步构建个性化插件。 Claude Code 插件使用教程 Claude Code 的 ...

全球最大的开源包管理平台npm再次遭受快速蔓延的恶意软件攻击，此次攻击的目标是被广泛使用的AntV企业级数据可视化工具。 与上周针对TanStack的高知名度npm攻击不同——那次事件利用了复杂的GitHub ...

A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.

North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...

The security platform Socket has recently discovered an enormous worldwide malware operation that has been dubbed "TrapDoor".

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.