After procrastinating for a long time, I finally moved to Linux after eight long years from Windows. And it felt like a breath of fresh air. My old laptop was as snappy as it was on day one; every ...

These Linux distros require no post-install effort. Each of these options is usable out of the box. You won't need to install software or tweak the desktop. Every ...

This week's biggest hacks, zero-days, supply chain attacks, crypto theft, ransomware hits, and critical patches — all in one ...

An attacker compromised the npm account of a lead Axios maintainer on March 30, and used it to publish two malicious versions of the widely used JavaScript HTTP client library.

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

I’ve spent the last decade in QA management, and if there’s one debate that consistently heats up when discussing strategy, ...

Security isn't just your problem anymore — it's the board's. With 97% of apps using open-source, CSOs need to ditch the false ...

此次 Axios 供应链攻击事件再次凸显了 npm 生态系统中依赖管理和安全审计的重要性。开发者在快速开发的同时，必须加强对依赖项的审查，使用版本锁定，并禁用不必要的脚本。 每次“一键安装”都可能带来风险，开发者需要时刻保持警惕。 此外，加强对 npm 账号的管理，包括启用双因素认证，也是降低风险的有效措施。这次事件也提醒我们， 供应链安全 已经成为软件开发中不可忽视的关键环节。 随着 npm ...

朝鲜这个国家，在大多数人的认知里应该是相当封闭落后的。但他们的网络攻击能力，一直被严重低估。从 2014 年的索尼影业攻击，到 2017 年的 WannaCry 勒索病毒，再到这次对 npm 生态的精准打击，朝鲜黑客的技术水平和作战纪律一点也不「落后」。