The Hacker News

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across developer systems.

What Is NemoClaw and How Does It Work?

NemoClaw is NVIDIA’s open source stack for secure AI agents, offering sandboxing, privacy controls, flexible deployment, and efficient runtime management.

Valencia AI Governance Startup Deploys Open-Source Nervous System Framework

Former training and development professional builds AI governance framework now managing 13 autonomous agents for ...
WinBuzzer

GhostClaw Fake OpenClaw Installer Steals macOS Dev Credentials

JFrog has uncovered GhostClaw, a fake OpenClaw npm package that stole Keychain passwords, cloud credentials, and crypto wallets from 178 macOS developers.

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...