The Hacker News

ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors ...

Weekly ThreatsDay recap: old bugs, fake tools, shady payload tricks, AI mishaps, and the usual reminder that the internet is ...
51CTO

如何构建一个好的 AGENTS.md:AI 编码 Agent 的项目级行为规范优秀实践

AGENTS.md 是一个放置在项目根目录的纯 Markdown 文件,专门用于指导 AI 编码 Agent 的行为。 最近在用 Cursor 和 Codex 写代码的时候,我越来越发现一个问题:每次新开会话,AI 都要重新问一遍项目结构、用什么包管理器、代码该放哪层。久而久之就觉得烦。 AGENTS.md ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
Tech Times

Fake Claude Code Installers on 32 Live Sites Steal Developer API Keys via Google Ads

Fake Claude Code installer malware used Google Ads to place spoofed AI tool pages above real documentation since March 2026.
Dark Reading

DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks

A sneaky IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones ...
SecurityWeek

Supply Chain Attack Hits 32 Red Hat NPM Packages

Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud. On Monday, hackers hit Red Hat’s NPM repository in a new supply chain attack, ...

What to know about Bill C-22, Canada’s proposed lawful-access legislation

The bill has drawn much criticism from tech companies and civil-liberties groups that warn it could compromise cybersecurity ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...