Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

The popular product lifecycle management platform is under active exploitation for an RCE vulnerability that could put ...

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...

The tool has already blocked more than 52,000 risky npm packages as supply chain attacks continue to hit software teams.

As artificial intelligence becomes the defining battleground of technological leadership, CrowdStrike’s 2026 Technology Threat Landscape Report reveals that nation-state adversaries and cybercriminals ...

Technology is the world’s most targeted industry as adversaries exploit the AI being built and the tools used to build it CrowdStrike (NASDAQ: CRWD) today released the CrowdStrike 2026 Technology ...

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the ...

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based code analysis systems into overlooking malicious payloads. Threat actors ...

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...

Monday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some "patched-ish" thing already getting chewed on in the wild, and then the usual bonus round: ...