SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
WinBuzzer

GhostClaw Fake OpenClaw Installer Steals macOS Dev Credentials

JFrog has uncovered GhostClaw, a fake OpenClaw npm package that stole Keychain passwords, cloud credentials, and crypto ...
The Hacker News

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are ...

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
The Hacker News

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Valentić told The Hacker News that the use of fake progress indicators mimicking legitimate installation progress and the ...
腾讯网

深入理解OpenClaw技术架构与实现原理(下)

阿里妹导读本文是《深入理解OpenClaw技术架构与实现原理(上)》的续篇,主要讲述从沙箱隔离到企业级智能体演进。三、各系统模块讲解3.8 SandBox 沙箱系统Sandbox 是 OpenClaw 的 Docker 隔离层,用于在容器中执行 AI ...