
OpenClaw: The Dangerous Magic of Autonomous AI
OpenClaw provides transformative automation but creates a 'Faustian bargain' where users trade their total digital security for the convenience of an autonomous AI assistant.

Snowflake Cortex Code CLI was vulnerable to a sandbox escape and human-in-the-loop bypass that allowed unauthorized malware execution via indirect prompt injection.

A security database that evaluates and ranks the instructional risks and permission levels of AI agent skills to prevent exploitation.

Knowledge base poisoning is a persistent threat to RAG systems that is best countered by detecting semantic anomalies during the data ingestion process.

Claude Opus 4.6's discovery of 22 Firefox vulnerabilities highlights a powerful, yet potentially temporary, AI-driven advantage for software defenders.

GPT-5.4 Thinking is OpenAI's first general-purpose model with high-capability cybersecurity safety mitigations.

A stolen Gemini API key led to an $82,000 bill in 48 hours, highlighting the urgent need for cloud billing limits.

AI-driven vibe-coding platforms are enabling the rapid deployment of apps that look functional but contain critical security flaws due to poorly generated backend logic.

Acting CISA chief allegedly uploaded sensitive DHS files to public ChatGPT, prompting a federal review amid a broader government push for AI.

Exploit development is becoming a token-limited, scalable process with LLMs, so we must prepare and demand real-target, high-budget evaluations.

Stronger routing hygiene—validation, filtering, and monitoring—helps operators prevent and diagnose BGP leaks, zombie routes, and AS-SET issues.

An exposed Mintlify static endpoint let malicious SVGs run on customer primary domains, creating a widespread supply-chain XSS affecting Discord, X, and many others.

OpenAI’s GPT-5.2-Codex pushes agentic coding and defensive cyber forward while rolling out with stricter safeguards and gated access.

Update your RSC stack now: fixed react-server-dom versions patch a DoS and source code leak that affect many frameworks, though no new RCE is possible.

Critical RCE in React Server Components affects Next.js App Router; upgrade to the listed patched versions now.

AI agents have enabled near-autonomous, state-linked cyber espionage at scale, forcing a rapid shift toward AI-powered cyber defense and stronger safeguards.

Aggressive scrapers overwhelmed Bear’s reverse proxy, prompting a hardening of monitoring, capacity, and bot controls in an ongoing battle with hostile bot traffic.

A trusted MCP email tool quietly added a BCC backdoor and has been siphoning thousands of emails, exposing a fundamental security gap in the MCP ecosystem.

A self-propagating npm attack backdoored @ctrl/tinycolor and 40+ packages to steal multi-cloud and GitHub secrets, persist via Actions workflows, and exfiltrate data—demanding immediate removal, credential rotation, and CI/CD hardening.

AI’s advanced, agentic capabilities are being weaponized across the cybercrime lifecycle, prompting Anthropic to tighten safeguards and collaborate widely to counter abuse.