Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.

Microsoft is delivering tools to quickly configure Windows PCs as workstations for Windows and Linux development.

Researchers from Zscaler found a new malware campaign dubbed Edgecution.

Flipper Device's new Busy Bar will retail for $249.

Azure Linux 4.0 is Microsoft's own Fedora-derived Linux distro for Azure cloud workloads. Here is how it compares to Ubuntu, ...

Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.

Surface RTX Spark Dev Box is a compact, small-form-factor desktop PC that is built specifically for developers and data ...

A malicious npm package has been caught impersonating one of the JavaScript ecosystem's most widely used build tools. The ...

现代AI Agents已超越简单的问答功能，能够代表用户执行操作、管理文件及运行代码。这种能力跃迁同时开启了危险的新攻击维度——针对ClawHub市场的恶意skills已暴露出AI Agent生态系统的严重脆弱性。作为2026年增长最快的开源AI Agent平台OpenClaw的官方技能市场，ClawHub的skills数量从1月的不足2000个激增至4月的5万余个，这种爆炸式增长在吸引数百万用户 ...

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...