SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB of data.
IEEE

Javascript Code Simplification And Optimization Based On Hybrid Static and Dynamic Analysis Techniques

Abstract: With the increasing complexity of Web application functions, JavaScript libraries are widely used to improve development efficiency and user experience. However, many applications do not ...
GitHub

Anthropic API Failover Proxy

A lightweight PHP proxy that sits between AI clients (like OpenClaw) and third-party Anthropic API providers. Enables automatic failover across multiple providers and fixes prompt caching for clients ...
The Hacker News

Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication

Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections. It's advertised ...
GitHub

KevinZhao/claudecode-bedrock-proxy

问题: Claude Code 主进程(Opus)会自动注入 prompt caching breakpoints,但 TTL 固定为 5m(默认值),无法配置为 1h。对于长时间开发会话,5 分钟后 cache 过期导致全量重新写入,浪费大量 input tokens 费用 ...
The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish ...