A threat actor has been exploiting CVE-2026-48558, a critical SimpleHelp vulnerability, to drop TaskWeaver and Djinn Stealer ...

Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, creating a new software supply ...

Christopher Harper is a tech writer with over a decade of experience writing how-tos and news. Off work, he stays sharp with gym time & stylish action games.

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...

The tool has already blocked more than 52,000 risky npm packages as supply chain attacks continue to hit software teams.

Technology is the world’s most targeted industry as adversaries exploit the AI being built and the tools used to build it CrowdStrike (NASDAQ: CRWD) today released the CrowdStrike 2026 Technology ...

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the ...

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based code analysis systems into overlooking malicious payloads. Threat actors ...

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...

Monday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some "patched-ish" thing already getting chewed on in the wild, and then the usual bonus round: ...