The Hacker News

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.
腾讯网

36个恶意npm包利用Redis和PostgreSQL部署持久化植入程序

网络安全研究人员在npm注册表中发现了36个恶意包,这些包伪装成Strapi CMS插件,但携带不同的有效载荷,用于Redis和PostgreSQL利用、部署反向Shell、收集凭据并投放持久化植入程序。
Arabian Post

PyPI proxy trap siphons AI prompts

A Python package presented as a privacy-first shortcut to AI models has been unmasked as a supply-chain threat that quietly captures user prompts, leans on a private university service without ...

China Is Obsessed With ‘Lobsters’ That Book Flights & Check Emails: Decoding AI Assistant OpenClaw

OpenClaw, an open-source AI agent with a red lobster logo, has sparked a nationwide craze in China in early 2026.Unlike ...