Google Chrome ships WebMCP in early preview, turning every website into a structured tool for AI agents

Google and Microsoft's new WebMCP standard lets websites expose callable tools to AI agents through the browser — replacing ...
The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...
The Hacker News

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

A high-severity OpenClaw flaw allows one-click remote code execution via token theft and WebSocket hijacking; patched in ...
Security Boulevard

The Complete Guide to Authentication Implementation for Modern Applications

A comprehensive developer guide to implementing secure authentication in modern applications. Covers OAuth 2.0, OIDC, ...
The Caledonian-Record

Bitget Launchpool adds Spacecoin (SPACE) with over 22.9M in Token Rewards

Bitget, the world’s largest Universal Exchange (UEX), has announced the addition of Spacecoin (SPACE) to Bitget Launchpool ...
InfoWorld

First look: Run LLMs locally with LM Studio

This desktop app for hosting and running LLMs locally is rough in a few spots, but still useful right out of the box.

Qwen3-Coder-Next offers vibe coders a powerful open source, ultra-sparse model with 10x higher throughput for repo tasks

On SWE-Bench Verified, the model achieved a score of 70.6%. This performance is notably competitive when placed alongside significantly larger models; it outpaces DeepSeek-V3.2, which scores 70.2%, ...
InfoWorld

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ‘the JavaScript ecosystem deserves better.’ ...

AI agent social media network Moltbook is a security disaster

Moltbook leaked email addresses and private messages.
SecurityWeek

Critical N8n Sandbox Escape Could Lead to Server Compromise

A critical n8n flaw could allow attackers to use crafted expressions in workflows to execute arbitrary commands on the host.

Critical n8n flaws disclosed along with public exploits

Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of ...
SecurityWeek

Vulnerability Allows Hackers to Hijack OpenClaw AI Assistant

OpenClaw patched a critical vulnerability that could be exploited to hijack the increasingly popular AI assistant.