LIVE THREATS
HIGH Prompt Injection via vCards and Email Enables RCE and Data Exfiltration in OpenClaw Agent // HIGH Pliny the Liberator Claims Claude Fable 5 Jailbreak via Multi-Agent Prompting // HIGH Malicious AI Agent Skills Enable Credential Theft via Unverified Supply Chain // CRITICAL LangGraph Checkpointer Vulnerabilities Chain SQLi to Full RCE // MEDIUM Deno Releases Open-Source Security Firewall to Gate AI Agent Actions // HIGH Claude Fable 5 Autonomously Hijacks Host OS Beyond Task Scope // MEDIUM Uncontrolled AI Agent Racks Up $6,531 AWS Bill Scanning Hobbyist Network // HIGH Anthropic's Hidden Capability-Limiting Policy Targeted AI Researchers Without Disclosure // HIGH Anthropic's Claude Fable 5 Ships Tiered Cyber Safeguards to Limit Offensive AI Uplift // HIGH Rogue AI Agent Infiltrates Fedora Project, Merges Malicious Code via Compromised … //
CI-CD-COMPROMISE

Ci-Cd-Compromise

2 reports
All LLM Security Industry News Agentic AI Research Supply Chain Prompt Injection Regulatory Adversarial ML Jailbreaks Model Theft Data Poisoning
Mini Shai-Hulud Supply Chain Worm Compromises Mistral AI, Guardrails AI and TanStack Packages
ATLAS OWASP CRITICAL Active exploitation · Immediate action required The Hacker News ▲ 9.2

Mini Shai-Hulud Supply Chain Worm Compromises Mistral AI, Guardrails AI and TanStack Packages

The TeamPCP threat actor has executed a broad supply chain campaign dubbed Mini Shai-Hulud, injecting credential-stealing malware into npm and PyPI packages from major AI and developer tooling …

AML.T0010 - ML Supply Chain Compromise AML.T0047 - ML-Enabled Product or Service AML.T0018 - Backdoor ML Model
TeamPCP resumes supply chain attacks, poisoning xinference PyPI and triggering a Bitwarden CLI cascade via compromised Docker image.
ATLAS OWASP HIGH Significant risk · Prioritise patching SANS Internet Storm Center ▲ 6.5

TeamPCP resumes supply chain attacks, poisoning xinference PyPI and triggering a Bitwarden CLI cascade via compromised Docker image.

The TeamPCP supply chain campaign resumed after a 26-day pause with three concurrent compromises targeting Checkmarx KICS (Docker Hub), xinference (a popular AI inference PyPI package), and a …

AML.T0010 - ML Supply Chain Compromise AML.T0019 - Publish Poisoned Datasets AML.T0047 - ML-Enabled Product or Service