The Hacker News

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and ...
Payload Asia

Cainiao to build large-scale global robotic warehouse network

Cainiao plans to build a large-scale global network of robotic warehouses in 2026 as it expands local fulfilment and delivery ...

AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.
InfoWorld

19 large language models redefining AI safety—and danger

Whether you are looking for an LLM with more safety guardrails or one completely without them, someone has probably built it.

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...