PANews 4月21日消息，据慢雾科技首席信息安全官23pds转发X平台用户@mrdotparasyte的帖子，发现一款名为JuanFranBlanco.solidit-vscode的可疑VSCode插件。该插件其下载量疑似通过不正当手段刷取，插件信息也令人生疑，且插件Identifier中的“solidit”明显为拼写错误。该插件已存在两三天，目前尚不清楚有多少开发者不慎“中招”。当前，针对开发者的供应链攻击现象愈发泛滥，特别是未经官方审核的VSCode插件、npm包等，已成为此类攻击的重灾区。在此提醒广大开发者，在安装第三方插件或包时务必提高警惕，仔细甄别。

<p>PANews 4月21日消息，据慢雾科技首席信息安全官23pds转发X平台用户@mrdotparasyte的帖子，发现一款名为JuanFranBlanco.solidit-vscode的可疑VSCode插件。该插件其下载量疑似通过不正当手段刷取，插件信息也令人生疑，且插件Identifier中的“solidit”明显为拼写错误。该插件已存在两三天，目前尚不清楚有多少开发者不慎“中招”。当前，针对开发者的供应链攻击现象愈发泛滥，特别是未经官方审核的VSCode插件、npm包等，已成为此类攻击的重灾区。在此提醒广大开发者，在安装第三方插件或包时务必提高警惕，仔细甄别。</p>

慢雾CISO：警惕可疑VSCode插件“JuanFranBlanco.solidit-vscode”

<PANews> On April 21st, according to the post by X platform user @mrdotparasyte forwarded by 23pds, the Chief Information Security Officer of Slow Fog Technology, a suspicious VSCode plugin named JuanFranBlanco.solidit-vscode was discovered. The plugin's download volume appears to have been artificially inflated through improper means, and its information raises suspicions. Moreover, the word "solidit" in the plugin Identifier is obviously a spelling error. The plugin has existed for two to three days, and it is currently unclear how many developers have inadvertently been "caught". Currently, supply chain attacks targeting developers are becoming increasingly prevalent, with unofficial VSCode plugins and npm packages becoming major disaster areas for such attacks. Developers are reminded to be highly vigilant and carefully discern when installing third-party plugins or packages.

<p>PANews reported on April 21 that according to 23pds, the chief information security officer of Slow Fog Technology, a post by X platform user @mrdotparasyte revealed a suspicious VSCode plugin named JuanFranBlanco.solidit-vscode. The plugin's download volume appears to have been artificially inflated, and its information is questionable, with the word "solidit" in the plugin Identifier being an obvious spelling error. The plugin has existed for two to three days, and it is currently unclear how many developers have inadvertently been affected. Currently, supply chain attacks targeting developers are becoming increasingly prevalent, with unofficial VSCode plugins and npm packages becoming major attack vectors. Developers are reminded to be vigilant and carefully scrutinize third-party plugins or packages before installation.</p>

SlowMist CISO: Beware of suspicious VSCode plugin "JuanFranBlanco.solidit-vscode"

Bear markets are great times to learn. Here's an ultimate use of RSI:

Absolutely top-tier alpha!

Your previous methods are definitely wrong, and RSI is never a beginner's indicator.

Know that RSI is a Relative Strength Index (RSI), a momentum indicator.

Initially, people used overbought/oversold conditions to understand it. In recent years, people have used RSI divergence to analyze charts.

But RSI's greatest treasure lies in trend-following trading, specifically in divergence pullbacks. This is the key tool for getting on board in a major trend.

Actually, there are two main RSI strategies:

1. Profit...

Alpha Sharing | RSI Usage That 90% of People Don't Know

Binance recently officially announced its project listing roadmap and detailed registration instructions, revealing the entire "path" a crypto project can take from its very early stages to being listed...

Binance announces its process and criteria for listing digital assets.

Original title: State of Crypto Q4 2025: Younger investors are rewriting the investing playbook
Original source: Coinbase
Original translation by Chopper, Foresight News
For decades, the path Americans have taken to accumulate wealth has remained largely unchanged: find a good job, buy property, invest in stocks, and then wait for the returns to compound over time. However, our latest Cryptocurrency Industry Report shows...