继上周，中几乎所有前端开发者都用过的 HTTP 客户端库 Axios 也“惨遭毒手”： 两个官方版本被植入后门，只要在窗口期执行过 npm install，黑客就能拿到你设备的完整控制权。

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

archinstall 4.0 replaces the curses interface with Textual, adds firewall and UKI support, and fundamentally modernizes the ...

Robots just installed 100 MW of solar power at a major US project, signaling a shift toward AI-driven automation in renewable ...

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...

ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are ...

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...

Gesture control robotics replaces traditional buttons and joysticks with natural hand movements. This approach improves user ...

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...

Dave Gray offers a solid, free Python tutorial that runs for about 9 hours. It’s a pretty methodical course, starting with the basics and moving into more complex stuff like closures and recursion. He ...

Now I can use any operating system I want without losing features.

A malicious Python package masquerading as a legitimate Telegram development tool has been identified as a vehicle for remote code execution attacks, raising concerns about supply chain security ...