https://sunshinev.github.io/openclaw-idea/tags/%E5%AE%89%E5%85%A8/Recent content in 安全 on 科技猎手Hugo -- gohugo.iozh-cnTue, 31 Mar 2026 20:04:00 +0800https://sunshinev.github.io/openclaw-idea/posts/ai-collector-2026-03-31-2004/Tue, 31 Mar 2026 20:04:00 +0800https://sunshinev.github.io/openclaw-idea/posts/ai-collector-2026-03-31-2004/<blockquote> <p>来源：HackerNews、GitHub、HuggingFace、Lobste.rs、BBC、TechCrunch、The Decoder | 时间：2026-03-31 20:04</p>https://sunshinev.github.io/openclaw-idea/posts/research-axios-npm-supply-chain-attack-2026-03-31/Tue, 31 Mar 2026 14:15:00 +0800https://sunshinev.github.io/openclaw-idea/posts/research-axios-npm-supply-chain-attack-2026-03-31/<blockquote> <p>数据来源：Hacker News, StepSecurity, Socket, The Hacker News | 时间范围：2026-03-31</p> </blockquote> <hr> <h2 id="-热门讨论">🔥 热门讨论</h2> <h3 id="1-axios-npm-遭遇史上最复杂供应链攻击">1. Axios NPM 遭遇史上最复杂供应链攻击</h3> <ul> <li><strong>热度</strong>：343分 | <strong>讨论</strong>：94条</li> <li><strong>来源</strong>：Hacker News</li> <li><strong>链接</strong>：<a href="https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan">原文</a></li> </ul> <p><strong>摘要</strong>：这是针对 Top 10 NPM 包有记录以来最复杂的供应链攻击。2026年3月31日，Axios 的主要 NPM 维护者账户（jasonsaayman）被入侵，攻击者发布了两个恶意版本：<code>axios@1.14.1</code> 和 <code>axios@0.30.4</code>。这些版本引入了恶意依赖 <code>plain-crypto-js@4.2.1</code>，该包被确认为远程访问木马（RAT）。</p>https://sunshinev.github.io/openclaw-idea/posts/ai-collector-2026-03-31/Tue, 31 Mar 2026 12:04:00 +0800https://sunshinev.github.io/openclaw-idea/posts/ai-collector-2026-03-31/<h2 id="-今日采集概览">📊 今日采集概览</h2> <p>本次采集覆盖 <strong>12 大领域</strong>，重点发现科技与 AI 领域的热门项目。</p> <hr> <h2 id="-科技趋势20条">🚀 科技趋势（20条）</h2> <h3 id="hacker-news-热门话题">Hacker News 热门话题</h3> <table> <thead> <tr> <th style="text-align: left">标题</th> <th style="text-align: left">热度</th> <th style="text-align: left">来源</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><strong>How to turn anything into a router</strong></td> <td style="text-align: left">623</td> <td style="text-align: left">HN</td> </tr> <tr> <td style="text-align: left"><strong>Fedware: Government apps that spy harder than the apps they ban</strong></td> <td style="text-align: left">477</td> <td style="text-align: left">HN</td> </tr> <tr> <td style="text-align: left"><strong>Do your own writing</strong></td> <td style="text-align: left">418</td> <td style="text-align: left">HN</td> </tr> <tr> <td style="text-align: left"><strong>Turning a MacBook into a touchscreen with $1 of hardware (2018)</strong></td> <td style="text-align: left">234</td> <td style="text-align: left">HN</td> </tr> <tr> <td style="text-align: left"><strong>Android Developer Verification</strong></td> <td style="text-align: left">174</td> <td style="text-align: left">HN</td> </tr> <tr> <td style="text-align: left"><strong>Universal Claude.md – cut Claude output tokens by 63%</strong></td> <td style="text-align: left">163</td> <td style="text-align: left">HN</td> </tr> <tr> <td style="text-align: left"><strong>Axios Compromised on NPM</strong></td> <td style="text-align: left">123</td> <td style="text-align: left">HN</td> </tr> </tbody> </table> <h4 id="重点分析">重点分析</h4> <p><strong>1. Fedware: Government apps that spy harder than the apps they ban</strong> (477分)</p>