资讯

The Hacker News

40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials

The malicious JavaScript code ("bundle.js") injected into each of the trojanized package is designed to download and run ...
PhoneWorld

Pakistan’s NCERT Issues Urgent Alert After npm Package Breach Hits 18 Popular Libraries

A critical npm package breach exposes enterprises to cryptocurrency theft and credential leaks. NCERT issues an urgent warning.
腾讯网

OpenAI深夜放出“编程核弹”:GPT-5-Codex正式发布,能独立爆肝7小时

OpenAI 刚刚推出了 GPT-5-Codex ——这是在 GPT-5 基础上专门为软件工程优化的版本,也是 Codex 有史以来最大的一次升级,感觉这是全面对标Claude code的一个更新,但又与Claude code不同这次更新的核心变化主要有三点:1.GPT-5-Codex ...
Business Recorder

All compromised npm packages: NCERT urges organizations to upgrade to latest fixed versions

With npm packages embedded in financial systems, e-commerce platforms, and enterprise applications, the compromise poses a material risk to business continuity and supply chain integrity. Analysts ...
腾讯网

GPT‑5-Codex 发布:OpenAI 的 Claude Code

长话短说这是 OpenAI 版本的 Claude Code安装方法是$ npm i -g @openai/codex原始报道在这里https://openai.com/index/introducing-upgrades-to-codex/Codex 迎来重磅升级Codex 这可以看作是 OpenAI 版的 Claude Code,然后还有独立的 WebUI升级后的 Codex 速度更快、更可靠, ...
TechJuice

Critical npm Supply Chain Attack Exposes Global Firms

NCERT warns of npm supply chain compromise affecting 18 packages, exposing enterprises to crypto theft, credential leaks, and ...
CPO Magazine

Supply Chain Attack Infects Nearly 20 Popular NPM Packages with Billions of Weekly Downloads

Hackers injected malicious code into nearly a dozen 20 NPM packages with billions of weekly downloads in a software supply chain attack after phishing a maintainer’s account.

Stop waiting on NVD — get real-time vulnerability alerts now

Vulnerabilities are discovered daily—but not every alert matters. SecAlerts pulls from 100+ sources for faster, real-time ...