New PCPJack worm steals credentials, cleans TeamPCP infections

A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing ...
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...
The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.
Dark Reading

After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets

PCPJack makes innovative use of parquet files for stealthy, pre-validated target discovery as it canvasses multiple cloud ...
Morning Overview on MSN

Malicious open-source packages have surged 73% in 2026 as attackers poison the software supply chain

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...
Analytics Insight

Building better document solutions: a developer’s review of ONLYOFFICE Docs

Digital workplaces today function as interconnected systems that require document editing and collaboration tools to work together. These two elements create the ...

OpenAI’s Codex just moved into Chrome, where the useful work and the risks live

OpenAI’s Codex Chrome extension pushes the coding agent into signed-in browser work, making it more useful for real tasks while raising new questions about access, approvals, and agentic AI risk.