Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
A report from ReversingLabs reveals a massive 73% increase in malicious open-source packages in 2025, with over 10,000 ...
Within 24 hours of being open-sourced, Nanobot had collected 1.3K stars, showing its strong appeal in the developer community. What is Nanobot? It can be understood as the "minimal usable agent kernel" that remains after stripping away all "academic decoration" and engineering redundancy. It keeps the closed loop of capabilities a mature agent must have, including web search, file operations, scheduled tasks and a memory mechanism: small, but with all the essential parts in place.
Open source malware surged 73% in 2025, with npm a key target, raising risks in software supply chains and developer environments.
The Stranger Things concept of the "Upside Down" is a useful way to think about the risks lurking in the software we all rely on.
Dong Guanting from Renmin University of China, whose main research directions are intelligent information retrieval and agent reinforcement learning, has received honors including the National Scholarship and Beijing Outstanding Graduate, and has been selected for the National Natural Science Foundation Youth Student Basic Research Project (doctoral student) and the China Association for Science and Technology Young Talent Support Project doctoral special program; representative work includes ...
According to the firm’s latest supply chain security report, there was a 73% increase in detections of malicious open-source packages in 2025. The past year also saw a huge jump in the scope of ...
The latest enhancements to our platform empower organizations to stop third-party risk from ever entering their software code, providing them with a prevention-first approach.” Package Firewall, ...
Through this large-scale survey, the research team revealed an alarming reality: more than a quarter (26.1%) of skill packages contain at least one security vulnerability. More specifically, they found 14 distinct vulnerability patterns, which can be grouped into four categories of threat: malicious instruction injection, data exfiltration, privilege escalation and supply chain attacks.