TeamPCP resumes supply chain attacks, poisoning xinference PyPI and triggering a Bitwarden CLI cascade via compromised Docker image.
ATLAS · OWASP · Severity: HIGH (significant risk, prioritise patching) · SANS Internet Storm Center ▲ 6.5

The TeamPCP supply chain campaign resumed after a 26-day pause with three concurrent compromises targeting Checkmarx KICS (Docker Hub), xinference (a popular AI inference PyPI package), and a …

MITRE ATLAS techniques:
AML.T0010 - ML Supply Chain Compromise
AML.T0019 - Publish Poisoned Datasets
AML.T0047 - ML-Enabled Product or Service