Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
GitHub

browser_snapshot returns lone Unicode surrogates causing "no low surrogate in string" JSON errors

browser_snapshot (and potentially other tools returning page content) can return text containing lone Unicode surrogates from DOM textContent. These are valid in JavaScript strings but invalid in JSON ...
GitHub

A native macOS browser for AI agents.

Browser automation tools like Puppeteer, Playwright, and Selenium weren't designed with AI agents in mind. They ship a full Chrome, communicate over HTTP/CDP, and hand you the entire DOM when all your ...
The Hacker News

Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens

Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration ...