The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
SecurityWeek

OpenClaw Security Issues Continue as SecureClaw Open Source Tool Debuts

OpenClaw faces security vulnerabilities and misconfiguration risks despite rapid patches and its transition to an ...
The Hacker News

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories

ThreatsDay Bulletin tracks active exploits, phishing waves, AI risks, major flaws, and cybercrime crackdowns shaping this week’s threat landscape.
eWeek

OpenAI Just Showed That AI Can Drain a Crypto Wallet… on Purpose

Codex can exploit vulnerable crypto smart contracts 72% of the time, raising urgent questions about AI-powered cyber offense and defense.

Android mental health apps with 14.7M installs filled with security flaws

Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users' sensitive medical information.
Harvard Business Review

How to Manage an Insecure Leader

You’re a competent, strategic professional. You think clearly, execute well, and deliver results. But there’s one part of your job no one prepared you for ...
CSO Online

Six flaws found hiding in OpenClaw’s plumbing

Researchers say an AI-powered code scanner traced untrusted data across layers of OpenClaw, exposing exploitable weaknesses including SSRF, authentication bypass, and path traversal.