Advertisement

AI Agents Vulnerable to Data Leak via Poisoned MCP Tools
Microsoft warns that malicious tool descriptions for AI agents can lead to stealthy data exfiltration, bypassing security controls by mimicking routine actions.
Bash Tricks Exploit AI Agents: Supply Chain Attack Risk Analysis
Analysis of how decades-old Bash shell vulnerabilities can bypass safeguards in AI coding agents, enabling supply chain attacks via malicious repositories.
Claude Code Indirect Prompt Injection: Hijacking Developer Machines
Researchers demonstrate a new attack method leveraging indirect prompt injection in Claude Code, enabling the hijack of developer machines via malicious code in
AI Agent Malware Evasion: Hidden Payloads via GitHub Repos
Novel technique exploits AI coding agents to execute undetectable malware from clean GitHub repositories, bypassing security scanners and human review.
Klue-Salesforce Breach Exposes Competitive Data; Threat Actors Hacked
Klue's Salesforce instance breach exposed customer competitive intelligence and contact data via an API vulnerability. The initial attackers were subsequently
Amazon Q Flaw: Cloud Credential Theft via Malicious Repositories
AWS patches a critical Amazon Q flaw enabling cloud credential theft via malicious repositories. Understand its impact and recommended mitigations.

Cordyceps CI/CD Flaws: Supply Chain Attacks on GitHub Repositories
Novee Security uncovered Cordyceps, a critical CI/CD workflow flaw exposing over 300 GitHub repositories to supply chain compromise, affecting major organizations.

ShapedPlugin Supply Chain Attack: WordPress Pro Plugins Backdoored
Attackers compromised ShapedPlugin's distribution pipeline to inject backdoors into Pro WordPress plugins. Learn how to detect and remediate this supply chain threat.
North Korean Sapphire Sleet Compromises 140+ Mastra AI npm Packages
Microsoft attributes the Mastra AI supply chain attack to Sapphire Sleet (BlueNoroff), involving 140+ malicious npm packages targeting AI developers.
Klue OAuth Breach: Icarus Threat Group Targets Salesforce
Klue confirms an OAuth token breach by the Icarus group, potentially exposing customer Salesforce environments. Learn how to secure your integrations.

Klue Security Incident: Mitigating Third-Party Risk in Intelligence
Analyze the impact of the Klue security incident on Recorded Future. Learn how to secure SaaS integrations and improve third-party vendor risk management.
Nintendo Confirms Third-Party TinyPulse Data Breach — Supply Chain Risks
Nintendo confirms employee survey data was stolen via a breach at TinyPulse, a third-party vendor owned by WebMD subsidiary Internet Brands.