A threat actor has been exploiting CVE-2026-48558, a critical SimpleHelp vulnerability, to drop TaskWeaver and Djinn Stealer ...

Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, creating a new software supply ...

Christopher Harper is a tech writer with over a decade of experience writing how-tos and news. Off work, he stays sharp with gym time & stylish action games.

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

Akrites is a coalition of 19 organizations, including every major AI lab and Wall Street banks, built to defend open-source ...

The popular product lifecycle management platform is under active exploitation for an RCE vulnerability that could put ...

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...

The tool has already blocked more than 52,000 risky npm packages as supply chain attacks continue to hit software teams.

Technology is the world’s most targeted industry as adversaries exploit the AI being built and the tools used to build it CrowdStrike (NASDAQ: CRWD) today released the CrowdStrike 2026 Technology ...

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the ...

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based code analysis systems into overlooking malicious payloads. Threat actors ...