Meta's new structured prompting technique makes LLMs significantly better at code review ...

This technique can be used out-of-the-box, requiring no model training or special packaging. It is code-execution free, which ...
The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
The Hacker News

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
Infosecurity Magazine

How Security Leaders Can Safeguard Against Vibe Coding Security Risks

Infosecurity outlines key recommendations for CISOs and security teams to implement safeguards for AI-assisted coding ...

源码被开源,Claude Code之父回应了:纯内部开发者手滑

至于此事的原因,也并不复杂,尽管 Anthropic 尚未发布官方报告,但科技媒体 Decrypt 从一位 Anthropic 发言人那里得到了评论:「今天早些时候,一个 Claude Code ...
Digital Production

dy Install Libs adds Library Manager to Houdini

Library Manager lands in dy Install Libs with one-click library install, enable, and disable for Houdini packages.