The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python ...
The Hacker News

OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration

China's National Computer Network Emergency Response Technical Team (CNCERT) has issued a warning about the security stemming from the use of OpenClaw (formerly Clawdbot and Moltbot), an open-source ...
GitHub

README_EN.md

Added Connect RPC API support with automatic Token type-based API selection Support for new Connect RPC protocol (using kimi-auth Cookie) Maintain traditional API ...
GitHub

Auto-refresh OAuth tokens for HTTP MCP servers

Problem: HTTP MCP servers (e.g., Microsoft 365) use OAuth tokens stored in ~/.copilot/mcp-oauth-config/. Tokens expire after ~1 hour. The interactive CLI uses keytar (system keychain) + browser ...