MCP is the MVP.

AI chatbots make it possible for people who can’t code to build apps, sites and tools. But it’s decidedly problematic.

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

OpenAI has launched a plugin marketplace for Codex with over 20 integrations from Slack, Figma, and Notion, adding enterprise ...

写在最前面，2月28日通义实验室AgentScope团队发布了自研的独立部署开源桌面Agent工具：CoPawhttps://copaw.agentscope.io/CoPaw是整体架构上类似openclaw的工具，用的agentscope框架搭建， ...

Learn how to build your own AI Agent with Raspberry Pi and PicoClaw that can control Apps, Files, and Chat Platforms ...

作者 | 熊月，Microsoft Edge QA审校 | Kitty项目贡献成员：芈峮、佟玉、刘竞屏、王政达、熊月 开源地址：github.com/microsoft/AutoGenesis ...

A hands-on test found that OpenClaw can work with VS Code for file-based drafting and source-driven synthesis, but the current experience is still centered on a local gateway and workspace model rathe ...

Supply chain attacks feel like they're becoming more and more common.

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were ...