The Hacker News

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

OpenClaw patches ClawJacked flaw, log poisoning bug, and multiple CVEs as 71 malicious ClawHub skills spread malware and ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
InfoWorld

WinterTC: Write once, run anywhere (for real this time)

The unified JavaScript runtime standard is an idea whose time has come. Here’s an inside look at the movement for server-side JavaScript interoperability.
Dark Reading

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...

Google Chrome ships WebMCP in early preview, turning every website into a structured tool for AI agents

Google and Microsoft's new WebMCP standard lets websites expose callable tools to AI agents through the browser — replacing ...

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed ...
The Hacker News

Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies

Researchers show AI assistants can act as stealth C2 proxies, enabling malware communication, evasion, and runtime attack ...
InfoQ

Vercel Releases React Best Practices Skill with 40+ Performance Rules for AI Agents

Vercel has launched "react-best-practices," an open-source repository featuring 40+ performance optimization rules for React and Next.js apps. Tailored for AI coding agents yet valuable for developers ...

React survey shows TanStack gains, doubts over server components

Not everyone's convinced React belongs on the server as well as in the browser Devographics has published its State of React ...

Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.
Unite.AI

Nimble Raises $47M Series B to Push Live Web Data Further into AI Workflows

Nimble has raised $47 million in Series B financing, led by Norwest with participation from Databricks Ventures and its existing investors. The round brings total funding to $75 million and reflects ...