The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
InfoQ

Google ADK for Java 1.0 Introduces New App and Plugin Architecture, External Tools Support, and More

Google's Agent Development Kit for Java reached 1.0, introducing integrations with new external tools, a new app and plugin ...
GitHub

A generic, client-agnostic MCP server for managing tasks, checkpoints, and agent handoffs. Communicates via STDIO (JSON-RPC 2.0) or HTTP/SSE and works with any MCP-capable client.

Use case: Agent A hits its context limit or needs to hand off work. It saves a checkpoint with all relevant state. Agent B (same or different AI system) picks up the task and continues exactly where A ...
GitHub

Boxsh: A sandboxed POSIX shell with concurrent JSON-line RPC mode

A sandboxed POSIX shell and MCP server, built on dash 0.5.12. boxsh works as a command-line shell and as an MCP (Model Context Protocol) server for AI agents. OS-native sandbox isolation is baked in — ...