ML supply chain attacks — malicious model weights on HuggingFace, poisoned pip packages, compromised training pipelines. Mapped to MITRE ATLAS AML.T0010 and OWASP LLM05.
A malicious version of PyTorch Lightning (v2.6.3) was published to PyPI, embedding a hidden execution chain that silently downloads a JavaScript runtime and executes a heavily obfuscated …
The US Department of Defense has formalised agreements with seven major technology companies — including Google, Microsoft, OpenAI, and Amazon Web Services — to integrate AI into classified military …
Loopsy is an open-source tool enabling cross-machine communication between AI coding agents (Claude Code, Cursor, Codex) and mobile devices via a self-hosted Cloudflare Workers relay. While designed …
Google has patched a maximum-severity (CVSS 10.0) vulnerability in its Gemini CLI tooling that allowed unauthenticated attackers to achieve remote code execution by planting malicious configuration …
North Korean threat group Famous Chollima (Shifty Corsair) has weaponised AI-assisted code generation to embed malicious npm packages into autonomous AI agent projects, targeting cryptocurrency …
A critical SQL injection vulnerability (CVE-2026-42208, CVSS 9.3) in BerriAI's LiteLLM AI gateway was actively exploited within 36 hours of public disclosure, targeting database tables storing …
A critical unauthenticated SQL injection vulnerability (CVE-2026-42208) in LiteLLM, a widely-used LLM proxy and SDK middleware, is being actively exploited to extract API keys, provider credentials, …
The TeamPCP supply chain campaign resumed after a 26-day pause with three concurrent compromises targeting Checkmarx KICS (Docker Hub), xinference (a popular AI inference PyPI package), and a …
Hugging Face's Gradio MCP server integration enables LLMs to connect to thousands of third-party AI tools via Hugging Face Spaces, significantly expanding the attack surface for agentic AI systems. …
A group of Discord users gained unauthorized access to Anthropic's restricted Mythos Preview AI model by combining data from a third-party breach, educated guessing about model endpoint URLs, and …
Stash is an open-source persistent memory layer for AI agents using PostgreSQL and pgvector, exposing a broad MCP tool surface (28 tools) that introduces significant attack vectors including memory …
A new Python package, llm-openai-via-codex 0.1a0, explicitly 'hijacks' Codex CLI credentials to route API calls through an unofficial OpenAI endpoint, bypassing standard API billing and access …
A critical SSRF vulnerability in LMDeploy (CVE-2026-33626), an open-source LLM deployment toolkit, was actively exploited within 13 hours of public disclosure, with attackers using the vision-language …
A compromised version of the Bitwarden CLI npm package was found stealing developer secrets, including configurations for AI coding tools such as Claude, Kiro, Cursor, Codex CLI, and Aider, as part of …
Unit 42 researchers discovered critical privilege escalation and data exfiltration vulnerabilities in Google Cloud Platform's Vertex AI Agent Engine, demonstrating how a deployed AI agent can be …