资讯

CSO Online34 分钟

When AI nukes your database: The dark side of vibe coding

As developers lean on Copilot and GhostWriter, experts warn of insecure defaults, hallucinated dependencies, and attacks that ...

Google’s Gemini AI can now process and talk about audio files

Google now lets all Gemini users feed audio files to the AI chatbot, ask questions about it, and convert the knowledge into other formats for free.

Crypto users urged to take extreme care as NPM attack hits core JavaScript libraries

Hackers hijacked NPM libraries in a massive supply chain attack, injecting malware that swaps crypto wallet addresses to steal funds.
Krebs on Security12 小时

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...
The Register on MSN16 小时

Dev snared in crypto phishing net, 18 npm packages compromised

Popular npm packages debug, chalk, and others hijacked in massive supply chain attack Crims have added backdoors to at least ...

Here's how I install Android apps from anywhere that isn't the Google Play Store

Most Android devices default to the Google Play Store for downloading and installing apps, but it's far from the only place ...
OfficeChai18 小时

How Stack Overflow’s Usage Has Fallen Since The Advent of AI Coding Models

For well over a decade, Stack Overflow has been the digital lifeline for programmers. It was the go-to public library for ...
The Hacker News19 小时

GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies

Google-owned Mandiant, which began an investigation into the incident, said the threat actor, tracked as UNC6395, accessed ...
CSO Online23 小时

GhostAction campaign steals 3325 secrets in GitHub supply chain attack

Attackers abused GitHub Actions workflows to siphon off thousands of credentials from hundreds of npm and PyPI repositories.