New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
The Next Web

Researchers tricked an OpenClaw AI agent into leaking AWS keys and customer data with a phishing email

Varonis built an OpenClaw email agent and phished it. It handed over AWS credentials, database keys, and a CRM export for 247 customers without verifying who asked.