The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.
The Hacker News

PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

PCPJack steals credentials via 6 Python modules exploiting 5 CVEs, enabling cloud spread and fraud-driven attacks.
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...

Linux ‘Copy Fail’ flaw lets anyone hijack system privileges. Update ASAP

Copy Fail is a critical Linux vulnerability that lets any local user corrupt cached files and escalate to admin. Update your ...
Hackaday

This Week In Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, And Backdoored Tools

After the CopyFail vulnerability gave root access from any user on almost all distributions last week, this week we’ve got DirtyFrag. This chains the vulnerability in CopyFail (xfrm-ESP) and ...
WeLiveSecurity

A rigged game: ScarCruft compromises gaming platform in a supply-chain attack

ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via ...
AMBCrypto

7 best all-in-one AI trading bot platforms in 2026 for crypto, forex, and stock trading

AI trading bots are no longer used only by professional quant teams. In 2026, traders are using automated tools to monitor ...
The Hacker News

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

CVE-2026-22679 exploited via debug endpoint in Weaver E-cology before 20260312, enabling RCE and system compromise.
How-To Geek on MSN

This AI coding assistant changed how I use VS Code, and I can't go back

I stopped Googling error messages after building this VS Code AI assistant—and it supercharged my programming.
Security Info WatchOpinion

Why Point-in-Time Assessments Fail and What Must Replace Them

The rise of AI services, rapid software updates and unseen third-party data flows is exposing the limits of annual vendor ...
Morning Overview on MSN

Malicious open-source packages have surged 73% in 2026 as attackers poison the software supply chain

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...