The Hacker News

Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks

Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial ...

Popular JavaScript library expr-eval vulnerable to RCE flaw

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be ...
The Hacker News

Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

The coordinated campaign has so far published as many as 46,484 packages, according to SourceCodeRED security researcher Paul ...
CSO Online

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser ...
腾讯网

恶意MCP服务器可劫持Cursor内置浏览器

网络安全公司 Knostic.ai 研究人员在提交给 CSO 的报告中指出:"我们演示了单个恶意 MCP 服务器如何将 Cursor 内部浏览器中的登录页面替换为攻击者控制的钓鱼页面,窃取凭证并发送至远程攻击者。该技术还能完全攻陷受害者工作站。" ...
InfoWorld

Agentic coding with Google Jules

Jules performs better than Gemini CLI despite using the same model, and more like Claude Code and OpenAI Codex.

Oracle“锁”住JavaScript? Deno公司诉讼维权,JS商标之争再起波澜

近日,关于 Java 商标权的争议再次引发行业关注。 尽管 Java 作为世界上最流行的编程语言之一,其商标却长期被 Oracle 掌控,这不仅引发了社区的广泛讨论,也促使 Deno 公司采取法律行动,试图挑战 Oracle 对 Java 商标的独占权。 这场持续发酵的商标之争,不仅关乎技术社区的自由发展,也映射出知识产权在技术领域中的复杂博弈。
腾讯网

字节悄悄上新豆包Coding模型,我在Claude Code用它看图复刻网页

离2026还有不到60天了,GPT5.1疑似在OpenRouter上线了,跳票快一个月的Gemini3又画饼说这个月出,马斯克的Grok Code Fast 1一度成为了最近一个月Token使用量最多的模型,MiniMax ...