Malicious code in 0x2ai-multi-q (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e305b12731a6b73c8982935753b52febfa90626f5a75f6942ca154aa708594b6 Running npx 0x2ai-multi-q the package's documented invocation spawns claude --dangerously-skip-permissions and writes a .mcp.json into the user's...

It’s Not Daddy Calling

How I found vulnerabilities that could put the safety of children in jeopardy How it started A friend recently showed me a tracker watch that he’d purchased for his son. It offered useful functionality such as two-way calling, and the accompanying app allowed him to track the location of his son...