AI Sec News
GitHub Actions cache poisoning let 84 hacked TanStack npm releases ship
May 18, 2026
GitHub Actions cache poisoning let 84 hacked TanStack npm releases ship AI Sec News Weekly #9 — 331 sources scanned We keep underestimating state. Not the...
M365 Copilot CVE-2026-24299: Preview to Exfiltration and Persistence
May 11, 2026
M365 Copilot CVE-2026-24299: Preview to Exfiltration and Persistence AI Sec News Weekly #8 — 190 sources scanned In AI systems, ‘read-only’ is rarely read-...
AI Coding Tools are Becoming a New Persistence Layer
May 4, 2026
AI Coding Tools are Becoming a New Persistence Layer AI Sec News Weekly #7 — 240 sources scanned We’ve been busy threat-modeling dependencies and pipelines,...
Shai-Hulud worm rode @bitwarden/cli 2026.4.0, abusing GitHub Actions secrets
April 27, 2026
Shai-Hulud worm rode @bitwarden/cli 2026.4.0, abusing GitHub Actions secrets AI Sec News Weekly #6 — 204 sources scanned When did 'npm install' become a...
AI Tools Are Reading… and Writing Back
April 20, 2026
Your AI Tools Are Reading… and Writing Back AI Sec News Weekly #5 — 161 sources scanned When we call something “read-only,” do we stop questioning what it...
Anthropic's Mythos Model Claims 72% Zero-Day Exploit Rate. Now what?
April 14, 2026
Anthropic's Mythos Model Claims 72% Zero-Day Exploit Rate AI Sec News Weekly #4 — 214 sources scanned There's a useful heuristic in security economics: a...
Claude Code's Permission System Flipped by Prompt Injection
April 7, 2026
Claude Code's Permission System Flipped by Prompt Injection AI Sec News Weekly #3 — 221 sources scanned There's a quiet assumption baked into most agent...
Cisco Breached After Trivy Supply Chain Attack Hits AI Product Source
April 2, 2026
Cisco Breached After Trivy Supply Chain Attack Hits AI Product Source AI Sec News Weekly #2 – 194 sources scanned Supply chain attacks used to be a patience...
TeamPCP Backdoors LiteLLM on PyPI, Harvests Cloud Creds at Scale
March 25, 2026
Supply-chain attacks used to target what you depend on. Now they target what your AI depends on. There's a difference — and it matters more than most teams realize.