The Hacker News

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.
GitHub

Claude Agent SDK: OTEL Exporter Missing Prompt Caching Token Breakdown

The Claude Agent SDK's OTEL exporter does not include prompt caching token breakdowns in the spans it exports. This causes downstream observability platforms (e.g., Langfuse) to significantly ...
The Hacker News

Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes

Agentic web browsers that leverage artificial intelligence (AI) capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey ...
GitHub

Auto-refresh OAuth tokens for HTTP MCP servers

Problem: HTTP MCP servers (e.g., Microsoft 365) use OAuth tokens stored in ~/.copilot/mcp-oauth-config/. Tokens expire after ~1 hour. The interactive CLI uses keytar (system keychain) + browser ...