One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...
CSO Online

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
CoinDesk

Kelp claims that LayerZero approved the setup it blamed for $292 million bridge hack

The $292M exploit, linked to North Korea's Lazarus Group, led Kelp to migrate its rsETH off LayerZero's OFT standard to ...

The 10-gate AI search pipeline: Find where your content fails

AI search is a multiplicative system where one weak signal limits results. Diagnose bottlenecks, prioritize fixes, and ...

Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...
Dark Reading

TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack

Several npm packages for SAP's cloud application development ecosystem have been compromised as TeamPCP's supply chain ...
Security Boulevard

AI Vulnerability Chaining – Why Your Security Stack Cannot Detect What Comes Next

Mythos combined four separate low-severity bugs into a complete browser sandbox escape. Traditional scanners evaluate ...
InfoWorld

Malicious pgserve, automagik developer tools found in npm registry

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...
NBC News

Oil prices rise as stocks erase losses sparked by Iran war

The price of oil rose Monday, as a U.S. blockade of Iran’s ports and coastal areas came into effect and President Donald Trump threatened to eliminate any Iranian “fast attack ships” that approached ...
Developer Tech

Axios npm attack causes JavaScript supply chain chaos

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million weekly downloads. The North Korean state actor Sapphire Sleet compromised the ...
New Atlas

Graphite-dispensing lube gadget promises clean bicycle drivetrains

Traditionally lubed bicycle chains are notoriously dirty to touch, and a hassle to clean. Yours may not have to be either of those for much longer, however, if you spring for the ...
blockchain

List of AI News about ModelScope

According to @godofprompt, builders can now deploy multimodal AI agents at lower infrastructure cost by combining smaller Qwen 3.5 family models with smarter system architecture, maintaining equal or ...