在前六篇文章中，我们的 Agent 已经拥有了多渠道接入、自主推理、动态技能和长短期记忆。但要让它真正“干活”，还需要一双能操控现实系统的双手——工具。OpenClaw 内置了 Shell 执行、浏览器自动化、HTTP 请求等工具，并通过沙箱保障安全 ...

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...

Israel's military says that the air force has carried out an airstrike on a southern suburb of Lebanon's capital. The strike on Thursday afternoon hit an apartment in Choueifat near ...

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

Dozens of soon-to-be graduates of a Michigan high school eschewed their cars and trucks and arrived in tractors, ATVs, golf ...

You can try it for yourself, if you like.

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say.

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

Web infrastructure giant Cloudflare is seeking to transform the way enterprises deploy AI agents with the open beta release of Dynamic Workers, a new lightweight, isolate-based sandboxing system that ...

A recent security incident affected Wikipedia when a self-propagating JavaScript worm began modifying user scripts and vandalizing pages. The problem was first noticed by editors who reported unusual ...