One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

How indirect prompt injection attacks on AI work - and 6 ways to shut them down ...
Tech Times

Shannon Lite v1.2.0 on Claude Opus 4.7: Anthropic’s New Cyber Safeguards Require Pentesters to Enroll Before Scans

Shannon Lite, the autonomous white-box penetration testing tool built by San Francisco-based Keygraph, shipped version 1.2.0 ...
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...

Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI ...
Onrec

How HR Teams Are Addressing Cybersecurity Risks in Remote Recruitment Workflows

Overlooking Dependency Risks Developers frequently install packages without verifying their integrity. Attackers publish ...

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

OpenAI Launches Daybreak the Same Day Google Confirmed the First AI-Built Zero-Day Attack

On May 11, the same day Google's Threat Intelligence Group disclosed the first confirmed case of attackers using AI to build ...

Natural Gas and Oil Forecast: Hormuz Crisis Keeps WTI at $102 — Can Bulls Push to $105?

WTI reclaims $102 inside a blue ascending channel as Hormuz disruptions cut 20% of global supply — bulls now eye $103–$105 ...

How a free NFT reportedly tricked Grok into losing $174,000

A reported Grok-linked crypto incident shows how a free NFT and AI prompt injection allegedly led to a $174,000 token loss on ...

Russian hackers turn Kazuar backdoor into modular P2P botnet

The Russian hacker group Secret Blizzard has developed its long-running Kazuar backdoor into a modular peer-to-peer (P2P) ...
Security Boulevard

Claude Code for Engineers: A Practitioner’s Playbook for Software, QA, and Security Teams

The opinionated guide to running Claude Code well. CLAUDE.md, skills, subagents, hooks, and the workflows that produce ...