MusicRadar on MSN

I’m convinced that Ableton’s Extensions are going to change how music-makers use Live forever

The Extensions SDK can be used to "expand, reshape and customize" Live Suite with new tools and features ...

Node.js 26 发布:默认启用 Temporal API,10 月进入 LTS 阶段

IT之家 5 月 6 日消息,当地时间 5 月 5 日, Node.js 团队发布了最新的 Node.js 26.0.0 版本(Current), Node.js 26 将于 10 月进入 LTS(长期支持)阶段 。
zhiding.cn on MSN

VM2 JavaScript沙箱发现13个严重漏洞,可执行任意代码

研究人员在vm2 JavaScript沙箱库中发现13个严重漏洞,攻击者可借此突破容器限制并在宿主系统执行任意命令。其中CVE-2026-26956可在特定Node.js 25与WebAssembly组合环境下完全逃逸沙箱,CVE-2026-44007则通过nesting:true配置选项触发权限控制缺陷。安全研究人员建议开发者立即升级至vm2 3.11.2版本,并考虑将不可信代码迁移至Docke ...

‘TrapDoor’ malware targets crypto dev tools in supply chain attack

Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.
The Hacker News

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.
Morning Overview on MSN

Three separate supply-chain attacks hit npm, PyPI, and Docker Hub within 48 hours — all ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

Anthropic刚递表IPO,但旗舰正在被全网疯狂吐槽

Anthropic已经秘密向美国证券交易委员会(SEC)递交了 S-1注册声明草稿。这意味着一旦SEC审核通过,Anthropic就可以随时启动IPO。 公告中没有披露具体的发行股数和定价,只说“取决于市场条件和其他因素”。
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
InfoWorld

Taming the generative AI back end

Writing code that interacts with LLM services requires bridging two different worlds. Use these tips and techniques to bind ...