Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
Infosecurity Magazine

Deep#Door Python Backdoor Evades Detection On Windows

A stealthy Python-based backdoor framework capable of long-term surveillance and credential theft has been identified ...
The Hacker News

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

Critical out-of-bounds read in Ollama before 0.17.1 leaks process memory including API keys from over 300000 servers via ...
ProVideo Coalition

Foundry’s updated Nuke Stage simplifies virtual production workflows

First revealed at NAB 2025, Nuke Stage enables real-time playback of photoreal environments onto LED walls using standard ...
The Hacker News

PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

PCPJack steals credentials via 6 Python modules exploiting 5 CVEs, enabling cloud spread and fraud-driven attacks.
Dark Reading

LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly

In the latest evolution of automated cyberattacks, 2 threat campaigns heavily leveraged AI agents to support attacks against ...

JDownloader distributed malware downloads

In early May, the JDownloader website delivered malware. This is reminiscent of Daemon Tools, which have since reacted.

Linux cryptographic code flaw offers fast route to root

The newly disclosed LPE, dubbed Copy Fail (CVE-2026-31431), comes from a vulnerability in the Linux kernel's authencesn ...
Business2Community

Claude Adds Adobe, Blender and Canva Connectors for Creative Teams

Anthropic announced on April 28, 2026, that Claude can now operate within 9 third-party creative tools: Adobe Creative ...
The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.

New PCPJack worm steals credentials, cleans TeamPCP infections

A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing ...
Security Boulevard

How to Connect Custom AI Agents with Slack

Whether you want simple fire-and-forget alerts or full two-way control, here's how to securely wire your AI agent into Slack.