Feed aggregator

Article URL: https://github.com/Liquid4All/cookbook/tree/main/examples/localcowork

Comments URL: https://news.ycombinator.com/item?id=47273928

Points: 1

# Comments: 0

Article URL: https://www.technologyreview.com/2026/03/04/1133942/the-download-earths-rumblings-and-ai-for-strikes-on-iran/

Comments URL: https://news.ycombinator.com/item?id=47273925

Points: 1

# Comments: 0

Springing forward cuts the number of evening burglaries, leading to significantly less crime in the coming months.

Article URL: https://classicplaygames.com/

Comments URL: https://news.ycombinator.com/item?id=47273874

Points: 2

# Comments: 1

Article URL: https://ai.gopubby.com/level-up-your-ai-agent-with-skills-engineering-faf00958b617

Comments URL: https://news.ycombinator.com/item?id=47273870

Points: 1

# Comments: 0

Bishop replaces David McKeown, who will take on a role in the private sector after 40 years of government service. 

The post James ‘Aaron’ Bishop Tapped to Serve as New Pentagon CISO appeared first on SecurityWeek.

Whether you're looking for an under-desk treadmill or walking pad, this is what you should consider before adding one to your cart.

Whether it's called Clawdbot, Moltbot or OpenClaw, this AI assistant has taken the tech industry by storm.

The attacks, observed since February, show that Iranian hackers already have a presence in the networks of US organizations.

The post Iranian APT Hacked US Airport, Bank, Software Company appeared first on SecurityWeek.

New research shows hundreds of attempts by apparent Iranian state hackers to hijack consumer-grade cameras, timed to missile and drone strikes. Israel, Russia, and Ukraine have also adopted this trick.

Machine-readable indelible watermarking in content supply chain is among proposals that could protect copyrighted content

Article URL: https://gasprices.aaa.com/jump-at-the-pump-as-national-average-goes-up-nearly-27-cents/

Comments URL: https://news.ycombinator.com/item?id=47273542

Points: 1

# Comments: 0

Article URL: https://today.ucsd.edu/story/americans-dont-just-fear-driverless-cars-will-crashthey-fear-mass-job-loss

Comments URL: https://news.ycombinator.com/item?id=47273534

Points: 1

# Comments: 0

Article URL: https://loopmaster.xyz/tutorials/sound-synthesis-101

Comments URL: https://news.ycombinator.com/item?id=47273533

Points: 1

# Comments: 0

Article URL: https://www.newyorker.com/culture/the-new-yorker-documentary/has-taking-the-perfect-photo-ruined-tourism-in-the-spectacle

Comments URL: https://news.ycombinator.com/item?id=47273524

Points: 1

# Comments: 0

Attackers are abusing OpenClaw’s popularity by seeding fake “installers” on GitHub, boosted by Bing AI search results, to deliver infostealers and proxy malware instead of the AI assistant users were looking for.

OpenClaw is an open‑source, self‑hosted AI agent that runs locally on your machine with broad permissions: it can read and write files, run shell commands, interact with chat apps, email, calendars, and cloud services. In other words, if you wire it into your digital life, it may end up handling access to a lot of sensitive data.

And, as is often the case, popularity brings brand impersonation. According to researchers at Huntress, attackers created malicious GitHub repositories posing as OpenClaw Windows installers, including a repo called openclaw-installer. These were added on February 2 and stayed up until roughly February 10, when they were reported and removed.

Bing search results pointed victims to these GitHub repositories. But when the victim downloaded and ran the fake installer, it didn’t give them OpenClaw at all. The installer dropped Vidar, a well‑known information stealer, directly into memory. In some cases, the loader also deployed GhostSocks, effectively turning the victim’s system into a residential proxy node criminals could route their traffic through to hide their activities.

How to stay safe

The good news is that the campaign appears to have been short-lived, and there are clear indicators and mitigations you can use.

If you downloaded an OpenClaw installer recently from GitHub after searching “OpenClaw Windows” in Bing, especially in early February, you should assume your system is compromised until proven otherwise.

Vidar can steal browser credentials, crypto wallets, and data from applications like Telegram. GhostSocks silently turns your machine into a proxy node for other people’s traffic. That’s not just a privacy issue. It can drag you into abuse investigations when someone else’s attacks appear to come from your IP address.

If you suspect you ran a fake installer:

• Disconnect the machine from your network, then run a full system scan with a reputable, up‑to‑date anti‑malware solution.
• Change passwords for critical services (email, banking, cloud, developer accounts) and do that on a different, clean device.
• Review recent logins and sessions for unusual activity, and enable multi‑factor authentication (MFA) where you haven’t already.

If you’re still intent on using OpenClaw:

• Run OpenClaw (or similar agents) in a sandboxed VM or container on isolated hosts, with default‑deny egress and tightly scoped allow‑lists.
• Give the runtime its own non‑human service identities, least privilege, short token lifetimes, and no direct access to production secrets or sensitive data.
• Treat skill/extension installation as introducing new code into a privileged environment: restrict registries, validate provenance, and monitor for rare or newly seen skills.
• Log and periodically review agent memory/state and behavior for durable instruction changes, especially after ingesting untrusted content or shared feeds.
• Understand and provide for the event where you may need to nuke‑and‑pave: keep non‑sensitive state snapshots handy, document a rebuild and credential‑rotation playbook, and rehearse it.
• Run an up-to-date, real-time anti-malware solution that can detect information stealers and other malware.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Hi HN,

I’m building WiseLocals to solve the lack of transparency in international sourcing. Most businesses lose margins to opaque intermediaries or face high fraud risks when sourcing from major manufacturing hubs.

We’ve developed a platform that connects businesses directly with vetted local experts, moving away from the "middleman" model that often complicates the supply chain.

Key Technical/Process Focus: * Multi-tiered verification: A rigorous onboarding process to verify local agent identity and expertise. * Milestone-based payments: Funds are held and only released once both parties are satisfied with the service. * Performance Analytics: Using data-driven insights to track vendor reliability over time. * Direct Project Management: A dedicated interface for real-time communication and project tracking.

I’d love to hear your thoughts on how to further automate trust in cross-border B2B transactions!

Comments URL: https://news.ycombinator.com/item?id=47273502

Points: 2

# Comments: 0

Article URL: https://ezramiller.biz/

Comments URL: https://news.ycombinator.com/item?id=47273493

Points: 1

# Comments: 0

Article URL: https://techcrunch.com/2026/03/05/cluely-ceo-roy-lee-admits-to-publicly-lying-about-revenue-numbers-last-year/

Comments URL: https://news.ycombinator.com/item?id=47273489

Points: 1

# Comments: 0

Article URL: https://www.economist.com/insider/the-insider/zanny-minton-beddoes-interviews-anthropics-boss

Comments URL: https://news.ycombinator.com/item?id=47273483

Points: 1

# Comments: 0