Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

ClawJacked attack let malicious websites hijack OpenClaw to steal data

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally ...
Bleeping Computer

Windows 11 Notepad flaw let files execute silently via Markdown links

Microsoft has fixed a "remote code execution" vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tricking users into clicking specially crafted Markdown ...
Appuals

Fix: The Windows Security Center Service is Turned Off

If Security Center is turned off or missing, Windows cannot correctly show your protection status in the Windows Security app. This usually means the ...
The Hacker News

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT via 31 Vercel deployments.
Appuals

How to Fix OneNote Not Responding, Freezing Issue?

When OneNote shows "Not Responding", it usually means the app is stuck during a task (syncing, loading a large notebook, ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
腾讯网

斩获30.5k Star!Claude Code长期记忆插件Claude-Mem开源,实现跨会话上下文 ...

Claude-Mem 通过自动捕获工具输出(通常为 1000~10000 个 Token),并借助 Claude Agent SDK 将其压缩为约 500 Token 的语义化观测记录。这些记录会按类型分类(决策、Bug 修复、功能、重构、发现、变更),并打上相关概念与文件引用标签,随后存入具备全文检索能力的本地 SQLite 数据库。