The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...

AI agent OpenClaw confirms ban on Bitcoin, crypto discussions in Discord

OpenClaw developer Peter Steinberger has confirmed a strict no-crypto policy on the project’s Discord following a recent scam ...
CoinDesk

Mentioning 'bitcoin' or crypto on AI agent OpenClaw's Discord will get you banned

The project's creator nearly deleted the viral AI agent after crypto scammers hijacked his accounts, launched a fake token that hit $16 million, and harassed him for weeks.
The Hacker News

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

Cline CLI 2.3.0 was published with a stolen npm token, installing OpenClaw in an 8-hour attack affecting ~4,000 downloads.
WinBuzzer

Ex-GitHub CEO Launches Platform For AI Agent Transparency

Former GitHub CEO Thomas Dohmke has launched Entire with $60 million in seed funding to build tools for managing fleets of AI ...
cryptonews

Fake ‘ClawdBot’ AI Token Hits $16M Before 90% Crash — Founder Warns of Scam

Steinberger warn against scammers that exploited ClawdBot’s rebranding to Moltbot, hijacking old accounts to promote meme tokens and deceive investors. The founder of the open-source AI assistant ...
InfoWorld

Possible software supply chain attack through AWS CodeBuild service blunted

An AWS misconfiguration in its code building service could have led to a massive number of compromised key AWS GitHub code repositories and applications, say researchers at Wiz who discovered the ...
Cyber Defense Magazine

Navigating Third-Party and Fourth-Party Breach Risk: How CISOs Can Protect Their Vendor Supply Chain

Recent breaches—including the JLR incident and the Ribbon Communications compromise—have exposed the fragility of vendor ecosystems and the growing threat posed by third- and fourth-party ...
IEEE

NTFormer: A Composite Node Tokenized Graph Transformer for Node Classification

Abstract: Tokenized graph Transformers have advanced node classification by transforming graphs into token sequences, but existing methods suffer from limited flexibility due to single-type token ...
Invezz

The rise and the tragic fall of Pi Network

Pi Network, a crypto project that was meant to disrupt the industry, has become one of the biggest flops in 2025 as it plunged from a record high of $3 in February to the current $0.2040. The token ...
TechCrunch

Home Depot exposed access to internal systems for a year, says researcher

A security researcher said Home Depot exposed access to its internal systems for a year after one of its employees published a private access token online, likely by mistake. The researcher found the ...
InfoWorld

GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments

Many enterprises use GitHub Action Secrets to store and protect sensitive information such as credentials, API keys, and tokens used in CI/CD workflows. These private repositories are widely assumed ...