JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
June 19, 2026 update: Microsoft assesses with high confidence that this activity is attributable to Sapphire Sleet, a North Korean state actor that primarily targets the financial sector. The ...
The Mapbox MCP Server transforms any AI agent or application into a geospatially-aware system by providing seamless access to Mapbox's comprehensive location intelligence platform. With this server, ...
Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS ...
Python developer Roman Imankulov nearly took the bait. The fact that he didn't can be chalked up to human intuition and AI code vetting. A person claiming to be a recruiter from a small crypto startup ...
A Model Context Protocol (MCP) server that provides access to NS (Dutch Railways) travel information through Claude AI. This server enables Claude to fetch real-time train travel information and ...
Agent Skills 本质上是一类 SKILL.md 文件。它们可以扩展 Claude Code 和其他 AI 编程助手的能力。安装一个 skill,就相当于给 agent 增加了一份专门的工作手册。 Agent Skills 本质上是一类 SKILL.md 文件。 它们可以扩展 Claude Code 和其他 AI 编程助手的能力。安装一个 skill,就相当于给 agent 增加了一份专门 ...