The Hacker News

DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

DPRK-linked actors use GitHub C2 and LNK phishing in South Korea, enabling persistent PowerShell control and data ...
GitHub

DonkRonk17/Quick-Env-Switcher

Instantly switch between project environments with a single command. Stop wasting time manually activating virtual environments, changing directories, and setting environment variables! Quick ...
The Hacker News

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.

Axios遭供应链投毒攻击(附排查与紧急补救指南)

事件概述2026 年 3 月 31 日,著名云安全平台 StepSecurity 监测到,在 JavaScript 生态系统中最受欢迎的 HTTP 客户端库 Axios(每周下载量超 3 亿次)遭遇了严重的供应链攻击。攻击者劫持了 Axios 核心维护者(jasonsaayman)的 npm 账户,并在 npm 官方仓库发布了两个被污染的恶意版本:[email protected][email protected] ...
GitHub

FIDO2 Yubikey Adminmanagement and Automated Registration for Entra ID - GUI Solution

This tool allows you to manage fido2 security keys for the typical administration day - setting pins, resetting pins, resetting keys all in one GUI. Additionally this tool also streamlines the process ...
腾讯网

Claude Code 泄露同一天,Axios 惨遭史上最大投毒,朝鲜出品

朝鲜这个国家,在大多数人的认知里应该是相当封闭落后的。但他们的网络攻击能力,一直被严重低估。从 2014 年的索尼影业攻击,到 2017 年的 WannaCry 勒索病毒,再到这次对 npm 生态的精准打击,朝鲜黑客的技术水平和作战纪律一点也不「落后」。
知乎专栏 on MSN

Claude code 如何调用skills

前段时间cc的源代码泄漏了,本地赶紧存了一份,然后让opus帮我分析了一下skills部分具体是怎么调用的,天啊,上苍的恩赐,这份源代码可以帮助解决好多问题。 模拟场景:写一条规范的 commit(全程调用过程) 假设你已经安装了一个名叫 commit 的技能,会话里也启用了 Skill 工具。下面用 Opus ...