After a routine code rejection, an AI agent published a hit piece on someone by name

AI agents lack independent agency but can still seek multistep, extrapolated goals when prompted. Even if some of those prompts include AI-written text (which may become more of an issue in the ...
CNX Software

Mimiclaw is an OpenClaw-like AI assistant for ESP32-S3 boards

MimiClaw is an OpenClaw-inspired AI assistant designed for ESP32-S3 boards, which acts as a gateway between the Telegram messaging application and Claude ...

An AI agent just tried to shame a software engineer after he rejected its code

Sign of the times: An AI agent autonomously wrote and published a personalized attack article against an open-source software ...
Agence France-Presse

Veracode Releases Platform Enhancements as Software Supply Chain Attacks Surge

The latest enhancements to our platform empower organizations to stop third-party risk from ever entering their software code, providing them with a prevention-first approach.” Package Firewall, ...

MCP shipped without authentication. Clawdbot shows why that's a problem.

Knostic found 1,862 MCP servers exposed with zero authentication. Here are five actions CISOs should take now.
The Hacker News

n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform to steal developers' OAuth ...
gadgets360

Microsoft 365 Accounts Reportedly Breached After Hackers Exploit Legitimate Microsoft OAuth Feature

Attackers trick users into approving access on real Microsoft pages OAuth device code phishing surged sharply since September 2025 Both cybercriminals and state-linked actors reportedly use this ...
CSOonline

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...
Windows Report

Beware! Hackers Are Exploiting OAuth Device Code to Scam Microsoft 365 Users

Hackers are abusing a legitimate Microsoft authentication feature to break into enterprise Microsoft 365 accounts, even when multifactor authentication is enabled. Security researchers warn that ...