Phish of the day: Microsoft OAuth scams abuse redirects for malware delivery

Crims hope for payday from malicious payloads rather than stealing access tokens Microsoft has warned organizations about ...
The Hacker News

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.
腾讯网

别折腾OpenClaw了,阿里的CoPaw才是中国用户的平替!

说起来,上周五看到阿里开源CoPaw的消息时,我第一反应是"终于来了"去年年初OpenClaw(圈内昵称"龙虾")刚出来的时候,我花了大概两天时间折腾部署。那时候GitHub星标蹭蹭往上涨,所有人都说这是个人AI助手的终极形态——能远程控制电脑、自动整理文件、生成周报,甚至在线购物支付。但很多人最后还是放弃了。为什么?