LIVE FEED
AutoGen Studio RCE: AutoJack Exploit Chain Targets Developers

AutoGen Studio RCE: AutoJack Exploit Chain Targets Developers

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 9.1 The Hacker News

Microsoft researchers disclosed AutoJack, an exploit chain targeting AutoGen Studio's MCP WebSocket endpoint that allows a single malicious web page to execute arbitrary commands on a developer's host machine via an AI browsing agent. The attack chains three distinct weaknesses — localhost trust bypass, missing authentication on MCP paths, and unsanitised command execution — requiring no credentials or user interaction beyond the agent loading the attacker's URL. While the vulnerable handler was not included in stable PyPI releases, it shipped in two pre-release builds that remain unyanked, leaving anyone who installed those versions exposed.

Miasma Worm Compromises 73 Microsoft NPM Packages for AI Agents

Miasma Worm Compromises 73 Microsoft NPM Packages for AI Agents

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 8.5 Ars Technica Security

Seventy-three Microsoft-hosted open source packages were compromised with the Miasma credential-stealing worm, which activates specifically when developers open packages inside AI coding agents. The malware, attributed to threat actor TeamPCP, exploits legitimate OIDC token workflows and SLSA provenance attestation to bypass supply-chain integrity checks and spread laterally across cloud infrastructure. This marks the second such compromise of an official Microsoft repository in as many months, indicating a sustained campaign targeting developer toolchains and the AI-assisted development pipeline.

PyTorch Lightning Package Backdoor Steals Developer Credentials

PyTorch Lightning Package Backdoor Steals Developer Credentials

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 BleepingComputer

A malicious version of PyTorch Lightning (v2.6.3) was published to PyPI, embedding a hidden execution chain that silently downloads a JavaScript runtime and executes a heavily obfuscated credential-stealing payload dubbed 'ShaiWorm'. The attack targeted AI/ML developers who use this popular deep learning framework, exposing cloud credentials, API keys, browser-stored secrets, and GitHub tokens. The package has since been reverted to a safe version, but any developer who imported the compromised version should rotate all secrets immediately.

litellm Supply Chain Attack: PyPI .pth File Injection

litellm Supply Chain Attack: PyPI .pth File Injection

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 Schneier on Security

A malicious supply chain attack was discovered in litellm version 1.82.8, a widely-used Python library that serves as a unified interface for interacting with large language model APIs. The compromised package contained a hidden .pth file executing arbitrary code on every Python interpreter startup, meaning any developer or AI system relying on litellm could be silently compromised without triggering an explicit import. Given litellm's central role in LLM-powered application stacks, this attack vector poses significant risk to AI pipeline integrity, credential theft, and downstream model infrastructure.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.