SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.
GitHub

Dumpling AI MCP Server

A Model Context Protocol (MCP) server implementation that integrates with Dumpling AI for data scraping, content processing, knowledge management, AI agents, and code execution capabilities. If you ...
cybernews

AI assistant runs hacker’s commands just from opening a project: critical vulnerability found in Claude Code

Claude Code, one of the most popular command-line AI coding assistants, contained critical vulnerabilities that enabled remote code execution and the theft of sensitive data, bypassing user consent.
IEEE

Evaluating Python Static Code Analysis Tools Using FAIR Principles

Abstract: The quality of modern software relies heavily on the effective use of static code analysis tools. To improve their usefulness, these tools should be evaluated using a framework that ...
Microsoft

Running OpenClaw safely: identity, isolation, and runtime risk

Self-hosted agent runtimes like OpenClaw are showing up fast in enterprise pilots, and they introduce a blunt reality: OpenClaw includes limited built-in security controls. The runtime can ingest ...
GitHub

OpenClaw Plugin: Claude Code

Run Claude Code in secure, isolated containers with your Claude Max subscription. An OpenClaw plugin that executes Claude Code CLI sessions in rootless Podman containers. Let your AI agents delegate ...
Bleeping Computer

Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...