Fake CVE exploit repos pull frint and skytext packages to steal researcher credentials, with servers still live as of July 1.
Anthropic’s AI coding agent silently encoded proxy hostnames and Chinese timezone data into invisible Unicode characters ...