Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

Open source malware surged 73% in 2025, with npm as a key target with rising risks in software supply chains and developer environments.

A report from ReversingLabs reveals a massive 73% increase in malicious open-source packages in 2025, with over 10,000 ...

With the PyArrow library installed, pandas 3.0 interprets string columns automatically as the str data type instead of NumPy- ...

Stranger Things concept of the “Upside Down” is a useful way to think about the risks lurking in the software we all rely on.

来自中国人民大学的董冠霆，主要研究方向为智能信息检索和智能体强化学习，曾获国家奖学金、北京市优秀毕业生等荣誉，并入选国家自然科学基金青年学生基础研究项目 (博士生)、中国科协青年人才托举工程博士生专项计划资助，代表工作包括 ARPO、AUTOIF.DMT、Search-o1、Webthinker、 FlashRAG 等, 受到国内外研究者的广泛关注。其中监督微调数据配比策略 ...

According to the firm’s latest supply chain security report, there was a 73% increase in detections of malicious open-source packages in 2025. The past year also saw a huge jump in the scope of ...

Veracode announced key platform innovations introduced through the second half of 2025, providing preventive control for software supply chains.

通过这次大规模调查，研究团队揭示了一个令人震惊的现实：超过四分之一（26.1%）的技能包存在至少一种安全漏洞。更具体地说，他们发现了14种不同的漏洞模式，可以归纳为四大类威胁：恶意指令注入、数据窃取、权限提升和供应链攻击。