We’re excited to see all the DEF CON people here with us in Vegas, but we’re also thinking of everyone out there who can’t make it in this year. There are still a few ways to participate from the comfort of your own keyboard:
« Yak2 though — the round galaxy/mirror sunglasses, the wild hair, the beard, the flower garlands, the colorful patchwork jacket, the wooden bead necklace. This yak has opinions. This yak has attended conferences. This yak has seen things injected into WordPress sites that it cannot unsee and it is PASSIONATE about telling you. » - my favorite LLM 😇
I do believe in segmentation - a private AI subscription is more than you have free time to use anyway. Good to help you with private errands, lists, maybe learn new things, plan a trip, etc. No need to use an enterprise subscription for that 🤷🏻♀️. Besides, the most basic agents are better off as cron jobs anyway 😁
One crafted GitHub issue was enough.
In agent mode, Claude Code treated hidden instructions as trusted commands. It leaked OIDC workflow credentials that attackers could replay for repo write access.
The action bypassed checks on bot actors too.
Fixed in v1.0.94. Audit your workflows.
⚠️ Hackers are taking over #WordPress sites through a form plugin.
The bug is in Everest Forms Pro and lets unauthenticated attackers run code, create admin accounts, and plant web shells.
Update to v1.9.13 now.
Get the full details ➝ https://t.co/xtCBclT9UU
Maybe if they extradite this one somewhere else …. 🤷🏻♀️ In NL it seems one can get away with such activity. 100% sure he is busy with these activities right now again ….
🛑 Google and YouTube ads are delivering FlutterShell, a new #macOS backdoor that passed Apple notarization with valid Developer IDs.
The malware can hijack Chrome traffic, run shell commands, alter files, and update its behavior from attacker servers.
Read: https://t.co/ELUmQYd4n8
‼️🚨 A new npm supply-chain attack compromised 57 packages across over 286 malicious versions in under 2 hours. The attackers used self-replicating malware, a new version of the Miasma worm, which also used evasion techniques to stay under the radar.
The payload targets CI/CD and developer credentials, including GitHub Actions secrets, cloud credentials, Vault tokens, SSH keys, npm and GitHub tokens, and password-manager stores. This variant also injects AI coding assistant config files at `.claude`, `.cursor`, `.gemini`, and `.vscode` paths, a separate persistence and repo-poisoning angle.
"On the 18th day of the intrusion, during the second round of threat actor activity, the threat actor moved to final objectives involving the deployment of ransomware across the environment. Using their injected Winlogon process...
Report: https://t.co/Mdbthjk2PA
🚨 Fake sites mimicking Ghidra, dnSpy, and SpiderFoot are ranking in Google searches to deliver malware.
They show real download URLs on hover, but clicks route users through a gated TDS to Remus Stealer, AnimateClipper, and SessionGate.
Learn more: https://t.co/DeF1cpFWR3
⚠️ Five OpenClaw 0-Days Let Attackers Hijack Trusted AI Agent Access
Source: https://t.co/2a2EwBz82h
Five zero-day flaws in OpenClaw allowed attackers to bypass trust boundaries and hijack AI agent access across multiple messaging platforms. OpenClaw, which integrates AI agents with services such as Slack, Discord, Microsoft Teams, Matrix, and Telegram, relies heavily on user-defined allowlists to determine who can interact with an agent.
This trust model assumes that only explicitly approved identities can issue commands to agents that may have access to sensitive data, internal APIs, or system-level execution capabilities. The vulnerabilities stem from a recurring design flaw in which human-readable identifiers, such as display names, are resolved to stable user IDs during service initialization.
#cybersecuritynews