The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

Project initiated by Nuxt lead Daniel Roe attracts wide support thanks to multiple issues with the official interface A new ...

Security researchers at Noma Labs found a critical flaw in Context7, a widely used tool that feeds AI coding assistants documentation, allowing attackers to plant ...

ClawSecure's analysis of 2,890+ popular OpenClaw agent skills reveals 9,515 security findings, with 30.6% rated HIGH or ...

The flaw was discovered by Noma Labs researchers in the Context7 platform operated by Upstash. Context7 is used by developers ...

UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.

New attack waves from the ‘PhantomRaven’ supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. The campaign ...

Computer engineers and programmers have long relied on reverse engineering as a way to copy the functionality of a computer ...

CoinFello, an AI agent built for smart contract interaction, thinks it has a better way. On Wednesday, the company launched its open-source OpenClaw skill in partnership with MetaMask, a framework ...

More OpenClaw security woes. Huntress researchers say bad actors convinced users to download a bogus installer for the AI personal assistant that deployed infostealers by hosting it in a malicious ...

Google has introduced an open-source tool that allows command-line access to Workspace services. It supports AI agents and uses MCP.