Today's summary
Supply Chain Attack on Axios Pulls Malicious Dependency from npm Useful writeup of today's supply chain attack against Axios, the HTTP client NPM package with 101 million weekly...;Thereallo, after...
Hot topics
1. Supply Chain Attack on Axios Pulls Malicious Dependency from npm
Source link: https://simonwillison.net/2026/Mar/31/supply-chain-attack-on-axios/#atom-everything
Original title: Supply Chain Attack on Axios Pulls Malicious Dependency from npm
Source blog: simonwillison.net; Published: 2026-04-01 07:28:40; Score: 29.0
Description: Supply Chain Attack on Axios Pulls Malicious Dependency from npm Useful writeup of today's supply chain attack against Axios, the HTTP client NPM package with 101 million weekly...
Why recommended: a quick way to grasp the core conclusions and practical takeaways of "Supply Chain Attack on Axio...".
- Source: simonwillison.net
- Score: 29.0
- Category: security
- Keywords: npm, supply-chain, axios
2. Technical Analysis of the Android Version of the White House’s New App
Source link: https://blog.thereallo.dev/blog/decompiling-the-white-house-app
Original title: Technical Analysis of the Android Version of the White House's New App
Source blog: daringfireball.net; Published: 2026-03-31 23:11:08; Score: 27.0
Description: Thereallo, after spelunking inside the APK bundle for the Android version: Has a full GPS tracking pipeline compiled in that polls every 4.5 minutes in the foreground and 9.5 mi...
Why recommended: a quick way to grasp the core conclusions and practical takeaways of "Technical Analysis of the A...".
- Source: daringfireball.net
- Score: 27.0
- Category: security
- Keywords: Android, reverse engineering, privacy
3. Weekly Update 497
Source link: https://www.troyhunt.com/weekly-update-497/
Original title: Weekly Update 497
Source blog: troyhunt.com; Published: 2026-03-31 08:41:44; Score: 27.0
Description: Day by day, I find we're eking more goodness out of OpenClaw and finding the sweet spot between what the humans do well and the agent can run off and do on its own. Signif...
Why recommended: a quick way to grasp the core conclusions and practical takeaways of "Weekly Update 497".
- Source: troyhunt.com
- Score: 27.0
- Category: security
- Keywords: security, openclaw
4. HIBP Mega Update: Passkeys, k-Anonymity Searches, Massive Speed Enhancements and a Bulk Domain Verification API
Original title: HIBP Mega Update: Passkeys, k-Anonymity Searches, Massive Speed Enhancements and a Bulk Domain Verification API
Source blog: troyhunt.com; Published: 2026-03-31 02:42:30; Score: 27.0
Description: For a hobby project built in my spare time to provide a simple community service, Have I Been Pwned sure has, well, "escalated". Today, we support hundreds of thousands of websi...
Why recommended: a quick way to grasp the core conclusions and practical takeaways of "HIBP Mega Update: Passkeys,...".
- Source: troyhunt.com
- Score: 27.0
- Category: security
- Keywords: passkeys, hacking
5. llm 0.30
Source link: https://simonwillison.net/2026/Mar/31/llm/#atom-everything
Original title: llm 0.30
Source blog: simonwillison.net; Published: 2026-04-01 04:35:51; Score: 26.0
Description: Release: llm 0.30 The register_models() plugin hook now takes an optional model_aliases parameter listing all of the models, async models and aliases that have been registered s...
Why recommended: a quick way to grasp the core conclusions and practical takeaways of "llm 0.30".
- Source: simonwillison.net
- Score: 26.0
- Category: tools
- Keywords: LLM, CLI, plugin-hook
6. npm’s Defaults Are Bad
Source link: https://nesbitt.io/2026/03/31/npms-defaults-are-bad.html
Original title: npm's Defaults Are Bad
Source blog: nesbitt.io; Published: 2026-03-31 18:00:00; Score: 26.0
Description: The npm client's default settings are a root cause of JavaScript's recurring supply chain security problems.
Why recommended: a quick way to grasp the core conclusions and practical takeaways of "npm's Defaults Are Bad".
- Source: nesbitt.io
- Score: 26.0
- Category: security
- Keywords: npm, supply-chain
7. Telnyx, LiteLLM and Axios: the supply chain crisis
Original title: Telnyx, LiteLLM and Axios: the supply chain crisis
Source blog: martinalderson.com; Published: 2026-03-31 08:00:00; Score: 26.0
Description: A cascading wave of supply chain attacks has hit npm and PyPI in under two weeks. LLMs are making it worse, and current mitigations aren't enough.
Why recommended: a quick way to grasp the core conclusions and practical takeaways of "Telnyx, LiteLLM and Axios: ...".
- Source: martinalderson.com
- Score: 26.0
- Category: security
- Keywords: supply-chain, llm
8. The Webs Digital Locks have Never had a Stronger Opponent
Source link: https://blog.pixelmelt.dev/the-webs-digital-locks/
Original title: The Webs Digital Locks have Never had a Stronger Opponent
Source blog: blog.pixelmelt.dev; Published: 2026-03-31 01:18:09; Score: 26.0
Description: We are in a renaissance era of reverse engineering. Defenders are going to be on the back foot until we figure out some way to cope with LLMs.
Why recommended: a quick way to grasp the core conclusions and practical takeaways of "The Webs Digital Locks have...".
- Source: blog.pixelmelt.dev
- Score: 26.0
- Category: security
- Keywords: reverse engineering, LLM, DRM
9. The Subprime AI Crisis Is Here
Source link: https://www.wheresyoured.at/the-subprime-ai-crisis-is-here/
Original title: The Subprime AI Crisis Is Here
Source blog: wheresyoured.at; Published: 2026-04-01 00:18:11; Score: 25.0
Description: Hi! If you like this piece and want to support my independent reporting and analysis, why not subscribe to my premium newsletter? It's $70 a year, or $7 a month, and in r...
Why recommended: a quick way to grasp the core conclusions and practical takeaways of "The Subprime AI Crisis Is Here".
- Source: wheresyoured.at
- Score: 25.0
- Category: opinion
- Keywords: AI bubble, market analysis, LLM
10. Git Diff Drivers
Source link: https://nesbitt.io/2026/03/30/git-diff-drivers.html
Original title: Git Diff Drivers
Source blog: nesbitt.io; Published: 2026-03-30 18:00:00; Score: 25.0
Description: What git's diff drivers can do, from built-in language support to custom textconv filters.
Why recommended: a quick way to grasp the core conclusions and practical takeaways of "Git Diff Drivers".
- Source: nesbitt.io
- Score: 25.0
- Category: tools
- Keywords: Git, diff, version control