Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
腾讯网

给OpenClaw开天眼!解决了10个跨境电商网站爬虫难题

如果不想在本地装 Chromium,或者要跑大量网站,Firecrawl skill是另一个选项——它在远程沙盒里跑浏览器,本机零压力,返回干净 Markdown,直接喂给 AI 分析。免费额度 500 次,加 cache: 2d 配置避免重复消耗。
The Hacker News

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...
The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...
腾讯网

Skills 真的可以帮我干活了:把工单分析变成一个可复用的 Skill

Anthropic 刚推出 Skills [1]时,我非常兴奋。官方的态度也很明确:不要再执着于开发复杂 Agent,而是把精力放在 Skills 上。但在认真研究了一圈官方和社区的 Skills 示例[2]后,我很快冷静下来—— 几乎没有一个 ...
Dark Reading

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...
The Pricer

AI Agents Can’t See 87.6% of Your Website’s Commercial Content

When someone asks ChatGPT, Claude, Gemini, or Copilot to read a webpage, the AI decides what the user sees — not your layout, ...