Advertisement

How Agentjacking Exploits AI Coding Agents via Fake Bug Reports
Researchers demonstrate 'Agentjacking,' a technique using indirect prompt injection to hijack AI coding agents through malicious GitHub bug reports.

GitHub to Disable npm Install Scripts by Default in Version 12
GitHub announces breaking changes for npm v12, disabling install scripts by default to prevent malicious code execution and enhance supply chain security.
Optimizing TPRM: Closing the Vendor Risk Performance Gap
Analyze the disconnect between third-party risk management perceptions and reality. Learn strategies to optimize TPRM performance and mitigate supply chain threats.

PAN-OS Exploitation and Linux Auth Flaws: Weekly Threat Recap
An analysis of active PAN-OS exploitation, a new Linux authentication flaw, and the rise of AI-powered OAuth phishing kits targeting enterprise environments.

Geopolitical Competition and Cyber Risks of Humanoid Robotics
Analysis of how global competition for humanoid robots and embodied AI introduces physical risks and supply chain vulnerabilities for organizations.
Glassworm Botnet Takedown: Disrupting Developer-Targeted Malware
CrowdStrike disrupts the Glassworm botnet, a campaign targeting software developers via malicious Python scripts to compromise proprietary source code.

Linux Vulnerabilities and Defender Zero-Days: Weekly Threat Recap
Weekly intelligence recap covering Linux flaws, Microsoft Defender zero-days, router botnets, and supply chain compromises targeting developer toolchains.
Grafana Codebase Stolen via TanStack Supply Chain Attack
Grafana confirms unauthorized access to private GitHub repositories after a developer token leaked in the TanStack breach was not rotated.
320+ @antv NPM Packages Compromised in Mini Shai-Hulud Attack
A maintainer account compromise has led to a major supply chain attack against Alibaba’s @antv NPM namespace, impacting over 320 visualization packages.
Cyber-Enabled Cargo Theft: How Phishing and Identity Theft Hijack Freight
Cyber-enabled cargo crime leverages stolen credentials and phishing to reroute freight, replacing traditional hijackings with digital fraud and identity theft.

Addressing High-Risk Security Blind Spots in the Modern SOC
Analysis of why critical alerts from WAF, DLP, and supply chain sources often go uninvestigated and how SOC teams can prioritize high-risk signals.

Linux Rootkits and macOS Crypto Stealers Surge in Supply Chain Attacks
Analysis of recent threats involving Linux rootkit persistence, macOS crypto-stealing malware, and the exploitation of poisoned supply chain downloads.