Communications of the ACM

A Decade of Docker Containers

Container instances. Calling docker run on an OCI image results in the allocation of system resources to create a ...
CNX Software

Inkplate 13SPECTRA 13.3-inch E-ink Spectra smart color display supports Arduino ...

Soldered Electronics has made ESP32-based e-paper displays for years, starting with the launch of the Inkplate 6 in 2019. The ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
CSO Online

Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a ...

恶意npm包窃取加密货币密钥和API令牌

网络安全研究人员披露了一项名为"沙虫模式"的活跃供应链蠕虫攻击活动,该活动利用至少19个恶意npm包来实施凭据收集和加密货币密钥窃取。 供应链安全公司Socket将此次活动命名为SANDWORM_MODE。与之前的Shai-Hulud攻击波类似,这些恶意代码包具备窃取系统信息、访问令牌、环境机密和API密钥的能力,并能通过滥用被盗的npm和GitHub身份自动传播以扩大影响范围。 Socket公司 ...