Cybernews

Next.js turf war heating up: Cloudflare’s vibe-coded gambit humbled by critical security bugs

Cloudflare’s experimental AI-built Next.js alternative, vinext, has been released with critical security flaws, escalating a feud with Next.js maintainer, Vercel.

Chrome 145 update fixes several critical browser vulnerabilities

A final security update for Chrome 145 eliminates a handful of vulnerabilities, including some labeled critical.
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
Cybernews

AI agents are too easy to fool, with websites now littered with hidden “system override ...

Researchers at Unit 42, a security arm of Palo Alto Networks, have documented real-world attacks, and they’re as dumb as it gets. Hidden text on websites simply asks AI to “ignore previous ...

Browser engine Servo 0.0.5 released with post-quantum cryptography

The Rust-based browser engine Servo 0.0.5 supports quantum-safe algorithms and improves form controls, performance, and stability.
腾讯网

给OpenClaw开天眼!解决了10个跨境电商网站爬虫难题

如果不想在本地装 Chromium,或者要跑大量网站,Firecrawl skill是另一个选项——它在远程沙盒里跑浏览器,本机零压力,返回干净 Markdown,直接喂给 AI 分析。免费额度 500 次,加 cache: 2d 配置避免重复消耗。
腾讯网

谷歌曾说“不是秘密”的东西,Gemini时代成了提款机:三人创业团队 ...

作者|冬梅“我现在处于震惊和恐慌之中。”这是帖子的开头。没有铺垫,没有背景说明,只有一句情绪几乎溢出屏幕的自白。1 开发者 Gemini 账户被盗,48 小时损失 57 万在 Reddit 发帖的人,是一家位于墨西哥的初创公司联合创始人,公司只有三名开发者,规模很小,每月在谷歌云服务上的正常支出大约 180 ...