Researchers warn malicious GitHub repositories can trick AI coding agents into running hidden malware through trusted setup steps, risking developer systems and credentials. Google - Gemini A newly ...

Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

这三个痛点互相关联：知识遗忘 → 被迫灌上下文 → 上下文爆炸 + Token 浪费。解决思路也需要系统化——LLM Wiki 解决知识层压缩，RTK 解决 I/O 层压缩，AGENTS.md 提供入口规范，三者配合形成完整方案。 不需要手动写完整文档。在每个 wiki 文件中放一个最小骨架 ...

Researchers from Zscaler found a new malware campaign dubbed Edgecution.

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.

This project is a fork of psycopg, originally developed by the Psycopg Team. Original work: Copyright © 2020 The Psycopg Team License: GNU Lesser General Public ...

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...

Spread the love“`html PowerShell, a task automation and configuration management framework from Microsoft, has become an essential tool for IT professionals and system administrators. Through its ...

Kimi 最近把 Agent 从 Python 转成了 Typescipt 和 pi-tui 的 kimi-code 新的 Agent，这个蛮有意思的，为什么 Kimi 要这么做。是跟着 Claude code 的步伐吗？ 让我们看一下 Kimi-code 的结构变化 维度旧版 kimi-cli新版 kimi-code语言Python ...