GitHub

dragino-end-node-decoder

There was an error while loading. Please reload this page.

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the ...

Cloudflare acquires VoidZero – Team behind Vite switches completely

Cloudflare acquires VoidZero and with it the team behind Vite, Vitest, and more. The tools are to remain open-source and ...
InfoQ

Next.js 16.2: 400% Faster Dev Startup, Faster Rendering, and Deeper Tooling for AI Agents

Vercel has released Next.js 16.2, featuring performance enhancements that make development startup 400% faster and rendering ...

Attack on GitHub.dev steals OAuth token for all repos

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...
Tech Times

Red Hat npm Packages Compromised, 57 More Follow: Signed Attestations Cannot Block Pipeline ...

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...

都说 AI 先干掉的会是前端,结果前端成了 AI 时代最值钱的岗位

完全跑偏的那一半:前端工作的天花板,不是切页面。 前端真正值钱的能力——异步流程设计、流式体验优化、交互状态管理、组件化工程思维——这些 AI 一个都学不会。而这些能力,恰好是 AI Agent 应用开发最核心的竞争力。
Infosecurity Magazine

Infosecurity Europe: Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits ...

A Bugcrowd researcher has unveiled ExploitBench, an independent benchmark of AI models for vulnerability exploitation ...
腾讯网

程序员的鄙视链

我跟很多人聊过一个问题:到底什么叫程序员?有意思的是,每个人对程序员的定义,都是把自己屁股后面那根线画下来——线以内是程序员,线以外不算。我把自己划进去,把比我「低」的那批人划出去。这就形成了一条鄙视链。整个技术圈,几乎人人都默认有这么一条链。人人都 ...