The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
The Hacker News

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

Researchers uncover wormable XMRig campaign using BYOVD exploit and LLM-built React2Shell attacks hitting 90+ hosts.

Daily Search Forum Recap: February 25, 2026

Here is a recap of what happened in the search forums today, through the eyes of the Search Engine Roundtable and other search forums on the web. Google had a brief serving outage with Google Search ...

The OpenClaw Hype: Analysis of Chatter from Open-Source Deep and Dark Web

OpenClaw has sparked heavy Telegram and dark web chatter, but Flare's data shows more research hype than mass exploitation. Flare explains how its telemetry found real supply-chain risk in the skills ...
Unite.AI

Easy Rewording Breaks AI Safety, Even for Gemini and Claude

AI safety tests found to rely on 'obvious' trigger words; with easy rephrasing, models labeled 'reasonably safe' suddenly fail, with attacks succeeding up to 98% of the time. New corporate research ...
i-SCOOP

Manus Agents

Meta has quietly launched its $2 billion acquisition, Manus, as an autonomous AI agent on Telegram. Discover how this "action engine" builds apps, analyzes data, and browses the web for you.