Cybernews

“No” means “Yes”: developers are going crazy over disobedient Claude coding assistant

Developers are frustrated that Anthropic’s Claude Code AI assistant often overrides their explicit “no” command and executes code changes anyway.
Security Boulevard

China-nexus Threat Actor Targets Persian Gulf Region With PlugX

IntroductionOn March 1, 2026, ThreatLabz observed new activity from a China-nexus threat actor targeting countries in the Persian Gulf region. The activity took place within the first 24 hours of the ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
The Hacker News

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

DNS flaw in Amazon Bedrock and critical AI vulnerabilities expose data and enable RCE, risking breaches and infrastructure ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
Microsoft

Malicious AI Assistant Extensions Harvest LLM Chat Histories

Malicious AI browser extensions collected LLM chat histories and browsing data from platforms such as ChatGPT and DeepSeek. With nearly 900,000 installs and activity across more than 20,000 enterprise ...
Security Boulevard

Dust Specter APT Targets Government Officials in Iraq

IntroductionIn January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware ...
GitHub

Bug: Stremio v5 black screen on macOS 26.3 beta — WKUserScript injection fails on percent-encoded URLs

Stremio v5 shows a black screen after the splash animation on macOS 26.3 beta (build 25D5112c). The cause seams like a WebKit regression where WKUserScript injection silently fails when the page URL ...
GitHub

A Chrome extension designed to decode Walmart Queue-it data directly from the URL, providing insights into your position and likelihood of access.

Decodes Queue Parameters: Extracts ticket number, expected turn time, and admission likelihood. Auto-Refresh: Set a specific time for the page to automatically refresh, ensuring you're ready for the ...