Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...

AI coding agent skills library claude-skills ships 345 free, MIT-licensed packages for Claude Code, Codex, Cursor, Gemini CLI ...

Claude Code is most useful in my home lab when I give it boring chores.

TL;DR Introduction At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t ...

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...

Prompt injection is the technique of smuggling instructions to an AI agent through content the agent reads — a document, a calendar invite, a web page, a code comment — so that hostile text carries ...

OpenAIは6月19日、macOS版のAIエージェント「Codex」アプリに、繰り返しの作業を実演して教えられる新機能「Record＆Replay」を発表した。自動化したい操作を一度やって見せると、Codexがそれを再利用できる「スキル」に変換する ...

A reverse shell makes the target machine initiate the connection back to the attacker, bypassing firewalls that only filter ...

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...

A three-CVE chain lets any default LiteLLM user escalate to admin and get a shell on the gateway server. A separate RCE is ...