One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...
CSO Online

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
CoinDesk

Kelp claims that LayerZero approved the setup it blamed for $292 million bridge hack

The $292M exploit, linked to North Korea's Lazarus Group, led Kelp to migrate its rsETH off LayerZero's OFT standard to ...

The 10-gate AI search pipeline: Find where your content fails

AI search is a multiplicative system where one weak signal limits results. Diagnose bottlenecks, prioritize fixes, and ...
SecurityWeek

MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs

Threat actors are exploiting critical vulnerabilities in MetInfo CMS and Weaver E-cology for unauthenticated, remote code ...