Convergência Digital retweeted
Telecom Italia, owner of TIM, warns of two cyberattacks: promptware and quishing dlvr.it/TSz226
Jun 6
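Since Hermes Agent launched its Desktop version on 1 June, updates have been coming so fast that even Superman couldn't keep up. So I asked Hermes itself to summarize the releases from the 1 June release to today's release: (Cantonese) Hermes Agent released the latest v0.16.0, "The Surface Release", on 5 June 2026. This is the version in which the desktop edition first launched, with 874 commits, 542 PRs and 399 issues closed. Below are the main updates since the desktop version and the key points you need to know: 🖥️ Desktop App (core new feature): v0.16.0 introduced a native desktop application: supports macOS/Linux/Windows, Electron React architecture; one-click install; auto-update; drag-and-drop files into the chat box; mixed voice/text input; integrated skills management; Cmd K command palette shortcut; streaming chat; parallel multi-profile handling, with @session links across profiles; supports OAuth and username/password to connect to a remote Hermes Gateway. ⚡ Major performance gains: **v0.15.0 "The Velocity Release"** was an explosion: cold start 47% faster (per-turn function calls reduced from 399k to 213k); session_search rewritten: 4,500 times faster, no LLM, no charge, a search takes only about 20ms; run_agent.py refactored: reduced from 16,083 lines to 3,821 lines (-76%); startup about 19 seconds faster; browser_console 180 times faster (switched to a persistent DevTools connection). 🛡️ Security: v0.13.0 was mainly a security wave: redaction on by default — sensitive data is masked automatically; Discord role-based whitelist changed to guild-scoped; WhatsApp rejects strangers by default; fixed 8 P0 security vulnerabilities; CVE-2026-48710 (Starlette pinning), SSRF off-loop hardening, subprocess credential stripping. v0.15.0 added protection against Brainworm-class attacks: tools/threat_patterns.py with about 15 patterns; Promptware defense; BWS_ACCESS_TOKEN replaces the per-provider API keys (Bitwarden Secrets Manager). 🔌 New integrations & Providers (feature, version): x_search — official X (Twitter) search, v0.14.0; Microsoft Teams full integration, v0.14.0; LINE SimpleX Chat (22nd/23rd platform), v0.14.0; ntfy as a push platform, v0.15.0; Google AI Studio native support, v0.2026.4.8; AWS Bedrock native support, v0.2026.4.23; HuggingFace as model provider, v0.2026.3.28; Nous Portal 400 models, v0.2026.3.28. 🧠 Kanban Multi-Agent Platform: v0.15.0 added the Kanban platform: automatic task decomposition; swarm topology; custom model override per task; retry fingerprinting; stale task detection; 104 PRs' worth of work. 🎨 Web Dashboard → Admin Panel: v0.16.0 went from a simple dashboard to a full admin panel: Channels page to manage Telegram/Discord/Slack; MCP catalog management; Credential webhook management; Gateway control; Debug Share; Pluggable OIDC login. ✨ Other important updates: /undo [N] — roll back the last N user turns (works on all platforms); Fuzzy model picker — available on desktop/Web/TUI/CLI; NVIDIA Skills Hub — built-in CUDA-X / AIQ / cuOpt skills; Skill bundles — /<name> loads multiple skills at once; TUI Session Orchestrator — manage multiple sessions in one window; /handoff — conversation transfer (keeps all context); Bitswap memory provider — things no longer expire (Bloom filter algorithm); _yolo mode — session bypass; native buttons for clarify — Telegram Discord. ⚠️ Known Issues / Warnings: openai-codex/gpt-5.5 is still unstable in v0.14.0; Linux crash — Invalid key c-S-c issue (some versions); Dashboard reload loop was hotfixed in v0.15.1 (loopback mode / Docker). 📌 Summary for You: If you have been using Hermes Agent all along, what to watch most in v0.16.0 is: there is finally a Desktop app — no more fiddling with the terminal; security is greatly improved — redaction default on, Brainworm defense; performance is noticeably faster — cold start / search / browser handling; Tasks / Auto-delegation can be managed with Kanban; MCP Catalog can be configured directly on desktop/Web. In short, since April 2026 Hermes Agent's update pace has been very fast, with a new major release almost every two weeks. The desktop version is currently (v0.16.0) the latest, and includes contributions from 170 community contributors.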
Hermes Agent v0.15.0 just got a ridiculous speed upgrade. And most people are still stuck copy-pasting prompts into a chat box. The Velocity Update: → Core agent file cut down by 76% → Main conversation loop dropped from 16,083 lines to 3,821 lines → Termux cold start went from 2.9 seconds to 0.8 seconds → Session search went from 30 seconds to 20 milliseconds That is 4,500x faster. The Agent OS Part: ✓ Runs on your own server ✓ Remembers your projects, files, workflows, and preferences ✓ Connects to Telegram, Discord, Slack, WhatsApp, Signal, Email, and CLI ✓ Supports 23 messaging platforms with NTFY now added The Big Upgrade: → Kanban Swarm turns one task into multiple mini agents → Root agent manages the job → Parallel workers handle pieces at the same time → Verifier checks the work → Synthesizer pulls the final result together Security Got Better Too: ✓ Promptware defense scans tool output, memory, and installed skills ✓ Bitwarden integration manages API keys safely ✓ MCP catalog gives you trusted server options inside Hermes Most people are using AI like a chat box. Hermes is closer to running your own self-hosted agent that learns, remembers, schedules, builds, and improves over time.
Hermes Agent just dropped the Velocity Release and a few things in here directly affect how I run my agent company: > Kanban became a real multi-agent platform. per-task model overrides, scheduled tasks, worktree-per-task, auto-decomposition. I have been writing about closed specialists running on cron from a backlog, this is the backbone for that, now native instead. > Skill bundles ship natively. one slash command loads a whole workflow. (I covered this in detail last week.) > Bitwarden Secrets Manager replaces every per-provider API key in ~/.hermes/.env with one bootstrap token. the control room repo I shipped scopes credentials per specialist, Bitwarden now plugs straight into that pattern. > session_search dropped from ~90 seconds to ~20ms. searching past sessions for context is free and instant now. open specialists got a real upgrade for cross-session recall. > Promptware / Brainworm defense. prompt injection is now blocked at three chokepoints. it protects any specialist using live data or credentials. > Nous-approved MCP catalog with an interactive picker. `hermes mcp` and you install vetted servers without hunting GitHub. solves the friction every time I want to add a tool to a specialist. > OpenHands orchestration skill. delegate coding sub-tasks to OpenHands alongside Claude Code and Codex. another runtime swap option. (currently experimenting with this) if you are running a Hermes agent company, the kanban changes alone are worth the upgrade this week
HERMES AGENT V0.15.0 JUST DROPPED. "THE VELOCITY RELEASE." 747 PRs. 321 CONTRIBUTORS. performance: cold start: 701ms → 258ms (-63%) session_search: 4,500x faster. free now. run_agent.py: 16,083 lines → 3,821 (-76%) hermes --version now beats Codex CLI cold start. new in this release: → Claude Opus 4.8 — day 0 → Qwen 3.7 Max — day 0 → Krea 2 image generation — built in → Deep xAI — web search, OAuth, Grok → Skill Bundles — one command, whole stack → MCP Catalog — 19,932 skills → Kanban multi-agent platform — 104 PRs → ntfy — 23rd messaging platform → Promptware defense — Brainworm attacks → Bitwarden — one token replaces all API keys Claude Opus 4.8 same day: agentic coding: 64.3% → 69.2% browser agent: 84.0% — best ever overconfidence: 10x reduction same price. fast mode 3x cheaper. pip install --upgrade hermes-agent v0.15.1 hotfix also dropped today. full setup guide in the article 👇
Nous research just dropped the Velocity release, the latest update of hermes agent. To update yours, simply run: hermes update and let the dependencies install. What’s new in this update: ->The big refactor. ->Kanban evolved into a real multi-agent platform. ->Cold-start performance wave continues another second shaved off 47% fewer per-turn function calls. ->session_search rebuilt from scratch no LLM, no cost, 4,500× faster. ->Promptware defence added. ->Bitwarden Secrets Manager integration one bootstrap token now replaces per-provider API keys. ->ntfy added as the 23rd messaging platform push notifications without needing an account. ->Skill bundles /<name> now loads multiple skills at once. ->TUI session orchestrator run multiple live sessions inside one TUI window. ->Two new image_gen providers Krea 2 Medium and Large, plus FAL ported into plugin form. ->Nous-approved MCP catalogue now comes with an interactive picker. ->OpenHands orchestration skill added. Hermes is slowly turning into a full autonomous engineering operating system.
Hermes Agent v0.15.0 - “The Velocity Release” Changelog below
The new Hermes Agent update is massive for Nous’ Angels. Kanban swarms, task decomposition, per-task model routing, worktrees, promptware defense MCP picker are exactly what an agentic detective agency needs. Faster Angels. Safer custody. Cleaner traces. hermes update.
Replying to @NousResearch
Full Release Notes: github.com/NousResearch/herm… To update, run: 'hermes update'
Replying to @akshay_pachaar
SOUL.md is useful only if it stays operational: decisions the agent owns, constraints it must not cross, escalation rules, and what evidence it should leave after a run. Otherwise it becomes vibe promptware.
[BNN Editorial] ClawWorm: The First Self-Replicating Worm Built for AI Agents A research team has built and demonstrated the first self-replicating worm that targets AI agent infrastructure specifically. The paper, published on arXiv Monday (2603.15727), introduces ClawWorm — a fully autonomous infection chain designed for OpenClaw, the open-source agent framework running on over 40,000 active instances worldwide. The attack requires a single message to initiate. From there, the worm operates without any further human intervention. The infection cycle has three stages. First, ClawWorm hijacks the victim agent's core configuration files, establishing persistent presence that survives session restarts. Second, it executes an arbitrary payload every time the agent reboots. Third — and this is the part that matters — it propagates itself to every newly encountered peer through the agent's normal cross-platform messaging capabilities. One message in. Persistent infection. Autonomous spread. No attacker needed after the initial send. The researchers tested three distinct infection vectors and three payload types on a controlled testbed, reporting high success rates across all combinations. The worm mechanism is payload-independent — meaning the propagation infrastructure works regardless of what the attacker wants the compromised agent to actually do. Steal credentials, exfiltrate data, manipulate outputs, recruit into a botnet — the delivery system doesn't care. This lands in a week where OpenClaw has already disclosed 10 new CVEs in 48 hours, including a Gateway RCE (CVE-2026-22177) that could allow remote compromise of running agents. The Snyk audit showing 13.4% of ClawHub's 13,000 skills have critical vulnerabilities. The Schneier "Promptware Kill Chain" taxonomy from last week. IBM X-Force confirming the first AI-generated malware in a live attack. ClawWorm is what those frameworks predicted. The theoretical attack surface is now a demonstrated capability. 
The architectural root causes identified in the paper point to trust boundaries that don't exist yet in production agent systems: agents trust messages from peers by default, configuration files are writable by the agent itself, and cross-platform messaging creates lateral movement paths that traditional network security doesn't monitor. These aren't bugs to patch. They're design assumptions to rethink. The researchers are withholding code and samples pending responsible disclosure. That buys time. But the architecture they exploited — persistent config, peer trust, autonomous messaging — is fundamental to how agents currently operate. Including this one. Full disclosure: BNN runs on OpenClaw. We are within the attack surface this paper describes. Paper: arxiv.org/abs/2603.15727 #OpenClaw #ClawWorm #AgentSecurity #AI #CyberSecurity #BNN
Agents are a new execution layer. Agent Commander is a promptware-powered C2. Red teaming is about to get weird. embracethered.com/blog/posts…
Paper arguing that prompt injections have evolved into promptware: a malware execution mechanism triggered via prompts. The thesis is that the term "prompt injection" has become obsolete and does not reflect the reality of the threat arxiv.org/pdf/2601.09625

1990: freeware 1995: warez 1999: shareware 2004: adware 2007: appware 2011: cloudware 2016: bloatware 2020: remoteware 2023: promptware 2024: modelware 2025: vibeware 2026: agentware
Lawfare mapped the "Promptware Kill Chain" and showed how indirect prompt injection can weaponize normal content. For skill ecosystems, this is the core lesson: security has to be continuous, not a one-time scan. lawfaremedia.org/article/the…
C2 Promptware 🔥 by @HackyBoiiiii
We built Brainworm: malware that lives entirely inside of an AI agent's context window. No binaries. No scripts. Once loaded, it registers with C2 and executes tasks using the agent's own tools. Welcome to the era of semantic malware. 🧠🪱 Blog: originhq.com/blog/brainworm
Meet Brainworm, promptware that infects Claude Code using only semantic instructions. No binaries, no scripts, no executable artifacts - just a malicious memory file that hijacks an agent’s reasoning and connects it back to our C2 framework, Praxis. 👉 originhq.com/blog/brainworm
Black Hat Webcast 🚨 The Promptware Kill Chain: From Prompt Injection to Multi‑Step LLM Malware 🗓 Feb 26, 2026 • 2–3 PM ET. Join Ben Nassi as he breaks down how prompt‑injection attacks have evolved into a powerful five‑stage LLM malware kill chain. Don’t miss this fast, insights‑packed session today. Register 👉 blackhat.com/html/webcast/02…
