Valid certificates, stolen accounts: how attackers broke npm's last trust signal

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...
eWeek

This AI Agent Is Quietly Leaving OpenClaw in the Dust

Hermes Agent’s latest release shows how AI agents are evolving from assistants into self-improving tools that learn, build, and automate work.

Alibaba's Metis agent cuts redundant AI tool calls from 98% to 2% — and gets more ...

Alibaba's HDPO framework trains AI agents to skip unnecessary tool calls, cutting redundant invocations from 98% to 2% while boosting reasoning accuracy.
MSN による配信

Popular PyPI package hacked to deliver infostealing malware

A widely used open-source PyPI package, elementary-data, was compromised in a targeted attack that inserted infostealer malware via a GitHub Actions vulnerability. The malicious update, version 0.23.3 ...