Someone hid a full RAT inside a fake npm package and exfiltrated victim data to HuggingFace - 惯性聚合

推荐订阅源

美团技术团队

罗磊的独立博客

The Register - Security

The GitHub Blog

钛媒体：引领未来商业与生活新知

博客园 - 三生石上(FineUI控件)

Schneier on Security

博客园 - 聂微东

The Exploit Database - CXSecurity.com

Recorded Future

大猫的无限游戏

Know Your Adversary

DataBreaches.Net

Darknet – Hacking Tools, Hacker News & Cyber Security

SegmentFault 最新的问题

博客园_首页

让小产品的独立变现更简单 - ezindie.com

酷壳 – CoolShell

Cisco Talos Blog

Visual Studio Blog

Java Code Geeks

博客园 - Franky

The Cloudflare Blog

Apple Machine Learning Research

CERT Recently Published Vulnerability Notes

Google DeepMind News

Fortinet All Blogs

Privacy International News Feed

Threat Research - Cisco Blogs

The Blog of Author Tim Ferriss

Vulnerabilities – Threatpost

Recent Announcements

Blog — PlanetScale

Security Latest

MIT News - Artificial intelligence

Y Combinator Blog

Kaspersky official blog

有赞技术团队

programming

How LLMs Work, Part 1: How LLMs Process Text Jakarta EE 11 from Newbie to Pro with Open Liberty Can JavaScript Become a Planned Runtime? — A study of AOT compilation, computation graphs, memory planning, and concurrency scheduling Metastable Failures Explained: Why Fixing the Trigger Fails PostgreSQL Connection Pooling Explained: How It Works and Why It Matters Help with making a black hole renderer My experience building the same app in Ruby, Java, and TypeScript Building current, a browser-based file sharing tool, with Rust and WASM JetBrains interviews Andrew Kelley about Zig [video] BUG in VS Code: "Publish to GitHub" defaults to broken HTTPS remote instead of SSH · Issue #318565 Revenge of The Business Idiot Dungeons, Dragons & Developers • Matt Brunt The transactional outbox pattern: keeping a database and Kafka consistent space-tree: Workspace Management Trees in Emacs How AWS Nitro Enclaves Attestation Actually Works What does the middleware request lifecycle really look like in PHP ? Introducing the Predictive Application concept, where every interaction is intelligent Harness Engineering: The New DevOps Layer for AI Agents A new Kubernetes package installer The pressure: curl's founder on dealing with the AI-driven CVEs, Interactive simulator: GitHub Flow vs trunk-based development - watch where work queues up Samy Kamkar on the MySpace worm, reverse engineering, privacy, and Openpath My small Mac lock screen app blew up and all people wanted as a cat I'm 18 years old looking to get into app development as a fun side hustle during summer and hopefully throughout University if it goes well Perplexity Bumblebee Shakes Loose Hidden Threats on Dev Desktops DOOMbench: Can Your Data Stack Run DOOM? Python Supply Chain Security: 8 Things That Happen After pip install WICG Proposal: Declarative partial updates Jobs with endless meetings make me sick so I created a job board site that curates jobs at async-first companies. There are almost 1000jobs posted currently. The SQL instincts that will hurt you in Google Cloud Spanner Pardon MIE? - How Researchers Found First Ever Bypass Of Apple's Memory Integrity Enforcement Google DeepMind Paper On New AlphaProof Nexus Framework: Advancing Mathematics Research with AI-Driven Formal Proof Search WebAssembly on Kubernetes • Nicolas Frankel FinOps for AI: Track What Your Code Actually Costs Per Commit There is no love in software development? What it takes to transpose a matrix LangChain and Python Websearch with Tavily Improving Local Techdocs for Your AI Coding Agent Your Python Scraper Has a Tell. curl-cffi Is How You Hide It Continuous Delivery in a World of Constant Change • Abby Bangser & Dave Farley This company killed open source - "Liberating the world of open source software". Unfortunately not satire, although I am not sure. Freenet: A Peer-to-Peer Platform for Real-Time Decentralized Applications (whitepaper) Any merit to this? Leveraging time complexity 'Big O' notation Running Code in a Programming Language Nobody Knows Wrote a bit about the race condition that quietly breaks billing systems Jujutsu Minecraft chests as a database AutoBrew v2.4: Snapshots, CLI, and a Signing Fight Ruby vs. Java vs. TypeScript: my experience on building a Cowork DOCX plugin TIL giving an AI a structural map of your codebase makes it use MORE context, not less — and why that's actually correct TOML Schema Jailer ships the AI Query Assistant — a full integration of AI-powered SQL generation directly into the SQL Console. Beyond Pandas: Polars or DuckDB for Faster Local Data Analysis Monads are Easy Credential brokering prevents AI agents from compromising credentials via prompt injection Docker quietly became an AI development platform Security Armageddon Is Here. What can we do about it? How soon is now in PostgreSQL? TrapDoor Supply Chain Campaign Targets npm, PyPI, and Crates.io to Poison AI Coding Agents How I made my Zig gameplay code hot reloadable PSA: VSCode extensions (NX Console, TeamPCP) compromised in GitHub breach The infamous 20 year old MySQL Bug #11472 has been fixed. TestForge - 21-dimension AI code analyzer (open source) What compiler/runtime intrinsics do developers typically rely on most? A selfie crashed Twitter in 20 minutes. Not traffic — a single cache key. Here's what actually happened. Need some help with stripe integration on a crowdfunding platform I’m building on replit Is Rich Hickey’s "Simple Made Easy" (2011) the best talk on software development ever given? How do you validate SaaS ideas before building them? Rewrite vs. Evolution TrapDoor supply-chain campaign targeted npm, PyPI, and Crates.io packages Building a real-time aircraft anomaly pipeline: separating bad telemetry from suspicious movement 2-Dimensional Lattice Basis Reduction in C GitHub supply chain attack hits developer tools (NX Console, VSCode, TeamPCP) Ambiguity v4 Comprehensive Technical Architecture Report libwce: the entropy layer of a wavelet codec, on its own Individual Logarithm Reduction Step of Discrete Logarithm Problem Designing Resilient Systems to Prevent Cascading Failures Finally got cross-platform Tauri release pipelines working 🚀 The Database Zoo: Exotic Data Storage Engines - why SQL and NoSQL aren't enough anymore Rethinking Last-Mile Routing at Scale Chrome proposes new APIs: Declarative partial updates Health-Check the listener your gRPC traffic actually uses SFQ: Simple, Stateless, Stochastic Fairness Announcement: We've Updated The Rules, and April Is Finally Over Applying metaphors from other fields into software development Spring Boot vs Node.js: I Ran Both in Production for 18 Months. One Cost $12,000 More. Guess Which Clojure Anonymous Functions How I Built a Confluence Crawler Writing VBA modules inside Excel files is much stranger than I expected A blueprint for formal verification of Apple corecrypto Building a Fast Lock-Free Queue in Modern C++ From Scratch High Speed Networking: The View from the Machine Lessons I Learned from Creating Searx Creator of C++ talks about memory safety How Container Registries Work: Pushing and Pulling Images Without Docker 16 bytes of code that turn Sierpinski waves into Matrix rain NVCF Is Now Open Source: Inside NVIDIA's GPU Function Platform Staged publishing for npm packages | npm Docs How many branches can your CPU predict? – Daniel Lemire's blog How to Call an API from an Email

Someone hid a full RAT inside a fake npm package and exfiltrated victim data to HuggingFace

/u/BattleRem · 2026-05-29 · via programming

此内容由惯性聚合(RSS阅读器)自动聚合整理，仅供阅读参考。原文来自 — 版权归原作者所有。