The Hacker News

OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration

CNCERT warns OpenClaw AI agent has weak defaults enabling prompt injection and data leaks, prompting China to restrict use on government systems.

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...
eWeek

Adobe Launches AI Assistant in Photoshop Public Beta

Yesterday, Adobe's new AI Assistant for Photoshop entered public beta on the web and mobile apps (sorry, desktop loyalists, ...
Security Boulevard

The Developer’s Practical Guide to Passwordless Authentication in 2026

Why Passwords Are Still a Developer's Problem in 2026. The case against password-based authentication is well-established in the IAM community, but the practical implications for ...
CIO

21 agent orchestration tools for managing your AI fleet

Enterprises seeking to make good on the promise of agentic AI will need a platform for building, wrangling, and monitoring AI agents in purposeful workflows. In this quickly evolving space, myriad ...
Security Boulevard

Invisible Threats: Source Code Exfiltration in Google Antigravity

Source Code Exfiltration in Google Antigravity‍TL;DR: We explored a known issue in Google Antigravity where attackers can ...
BBC

Wellness peptide craze: Why people are injecting drugs 'not for human consumption'

Katie carefully takes a syringe out of its packet. She pricks the top of a small jar of blue liquid and pulls up the plunger. She turns and jabs the needle into her bum cheek and gives the camera a ...
GitHub

An Android Injector aimed to inject through Virtual Space without root permissions.

Launch the Injector app. Select a target app or game. Browse for a target shared library to inject. Click "Install" to install the app in the virtual environment. Click "Inject," and the app should ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
NPR

Influencers are promoting peptides for better health. What does the science say?

Search the term "peptides" and a long list of online retailer options will pop up. You'll be offered vials of molecules with funky names that sound like exoplanets: GHK-CU, CJC12-95, Thymosin Beta-4.
AppleInsider

iPhone camera & microphone dot can be suppressed if you're already hacked

Apple's camera and microphone indicators are supposed to tell iPhone users when the microphone or camera are on, but after a device is fully compromised with kernel-level access by another hack, ...