主流JavaScript软件包管理平台npm遭供应链投毒攻击

2026年5月25日,国家网络安全通报中心发布:监测发现,全球主流Java软件包管理平台npm遭“沙虫” (Shai-Hulud)供应链投毒攻击。攻击者攻陷了npm官方维护者账户,并在短时间内批量投放大量恶意软件包,涉及300余个独立程序包的600余个恶意版本,影响多个热门开源项目。当开发者安装恶意依赖包后,程序会自动在本地主机、CI/CD流水线环境执行恶意代码,窃取GitHub ...
Consumer Reports

Pontiac G6

RECALL ALERT: There are 7 recalls on this vehicle. Learn More. There are 7 recalls on this vehicle. Learn More. RECALL ALERT: There are 7 recalls on this vehicle. Learn More. There are 7 recalls on ...
heise online

Hundreds of malicious npm packages discovered in AntV ecosystem

The data visualization ecosystem AntV was targeted by a Mini Shai Hulud supply chain attack involving hundreds of malicious npm packages. On infected systems, the ...
51CTO

前端圈炸了!AntV、VS Code 插件同时被投毒!

安全公司 Socket 披露:大量 @antv 相关 npm 包被植入恶意代码,涉及数百个包、数百个恶意版本。 今年不到半年时间,npm 已经连续爆出多起重量级供应链攻击。 前段时间 axios 被投毒, 随后 TanStack 大面积污染, 而就在昨天,又连续爆出两起重量级供应链攻击 ...
Infosecurity-magazine.com

Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem

The Mini Shai-Hulud worm has resurfaced in one of its largest single-registry waves to date, hitting hundreds of npm packages tied to the AntV data visualization ecosystem in a coordinated burst ...
The Hacker News

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini ...
Ripple

npm Supply Chain Attack Hits @antv: Blockchain Dev Secrets Now Exposed

Mini Shai-Hulud npm campaign compromises @antv packages, targeting blockchain developers’ GitHub tokens, AWS keys, and CI/CD secrets in a coordinated supply chain attack. The malicious publishes ...
InfoWorld

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, this time targeting the widely-used AntV enterprise data visualization tool.
CNET

LG OLED G6 Series Review: Top-End TV Net Gain for Picture Quality

Our expert, award-winning staff selects the products we cover and rigorously researches and tests our top picks. If you buy through our links, we may get a commission. Ty Pendlebury is CNET's senior ...
9to5google

Tensor G6 reportedly bringing latest ARM CPU cores but outdated GPU to Pixel 11

An early, limited leak around Google’s upcoming Pixel 11 series offers some limited details around the Tensor G6 chipset inside, with a mix of good news and bad news. Mystic Leaks today posted an ...
ZDNet

LG G6 vs. Samsung S95H: I compared the best OLED TVs of 2026 and made a tough choice

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...