The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

MCP shipped without authentication. Clawdbot shows why that's a problem.

Knostic found 1,862 MCP servers exposed with zero authentication. Here are five actions CISOs should take now.
Security Boulevard

Cryptographic Agility for Contextual AI Resource Governance

Master cryptographic agility for AI resource governance. Learn how to secure Model Context Protocol (MCP) with post-quantum ...
eWeek

What Is Clawdbot? The Viral Self-Hosted AI Assistant Taking Over X

Clawdbot is a viral, self-hosted AI agent that builds its own tools and remembers everything—but its autonomy raises serious security risks.
TestingCatalog

Manus AI launches Agent Skills open standard for AI workflows

What's new? Manus AI integrates Agent Skills on all platforms with team plan early access; Agent Skills offers modular ...
TestingCatalog

Anthropic prepares new sketch tool, Cowork in projects and more

Anthropic is quietly testing new Claude updates, including a Plugins section, Sketch attachments, and Cowork tasks in ...

‘It was insane’: Hunter wrestles 202-pound Burmese python

It was like riding a slow horse. It was insane,” Carl Jackson said about the second-heaviest Burmese python caught in Florida ...
Analytics Insight

Best AI Tools to Summarize PDFs Quickly for Faster Reading and Better Understanding

Overview PDF files are an integral part of professional and academic work.Long documents make it difficult to research and ...
Infosecurity Magazine

Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core

A critical sandbox escape vulnerability in Grist-Core has been disclosed that allows remote code execution (RCE) through a ...
WinBuzzer

ChatGPT Containers Gain Bash Support and Multi-Language Code

ChatGPT has quietly gained bash support and multi-language capabilities, enabling users to run commands and install packages in containers without official announcements.