The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
Security Boulevard

Axios supply chain attack chops away at npm trust

Developers using the axios package from npm may have downloaded a malicous version that drops a Remote Access Trojan ...
Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
CMSWire

Meet EmDash, the Cloudflare CMS and WordPress 'Spiritual Successor'

Cloudflare created an open-source CMS it calls a "spiritual successor to WordPress" — but WordPress is having none of it.
腾讯网

学习笔记:从 Agent 到 Skills — AI 智能体架构的范式转变

报告日期:2026-02-28 关键词: Agent Skills, MCP, OpenClaw, A2A, Agentic AI, 模块化架构一、谁提出了从 Agent 到 Skills 的转变?1.1 起源:Anthropic ...

OpenClaw 3.28上线!4天爆更上百项重要更新

【新智元导读】OpenClaw 3.28 大更新:不仅内置 Grok 搜索、支持 MiniMax 画图,更上线了最保命的「高危操作弹窗拦截」功能。 虽然后来 3.23 紧急上了修补丁,还顺手给发布流程加了自动拦截的保险,但这事儿弄得大家心里一阵发毛。

钉钉飞书集体抛弃 MCP,CLI 才是 Agent 的终局

企业内部的 Agent 身份是已知的,权限是预设的,操作在沙箱里跑,日志全程可追溯。钉钉的批量熔断机制,飞书的 dry-run 预览和按域权限申请,本质上就是在 CLI 层面实现了 Schenkelman 所说的那些安全措施。