Device code phishing attacks surge 37x as new kits spread online

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year.
GitHub

Python STC ReST API Client: stcrestclient

The stcrestclient package provides the stchttp ReST API library module. This allows simple function calls, nearly identical to those provided by StcPython.py, to be used to access TestCenter server ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python ...
The Hacker News

OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration

China's National Computer Network Emergency Response Technical Team (CNCERT) has issued a warning about the security stemming from the use of OpenClaw (formerly Clawdbot and Moltbot), an open-source ...
GitHub

Claude Agent SDK: OTEL Exporter Missing Prompt Caching Token Breakdown

The Claude Agent SDK's OTEL exporter does not include prompt caching token breakdowns in the spans it exports. This causes downstream observability platforms (e.g., Langfuse) to significantly ...
TechCrunch

OpenAI launches GPT-5.4 with Pro and Thinking versions

On Thursday, OpenAI released GPT-5.4, a new foundation model billed as “our most capable and efficient frontier model for professional work.” In addition to the standard version, GPT-5.4 is also ...