Shopping News / Articles
Megalodon: New CI/CD Malware Spreads Across GitHub, Infecting ~5,000+ Repositories
3+ day, 6+ hour ago (477+ words) The malware spreads by injecting fake automated commits into GitHub repositories. Once a repository owner merges the commit, the malware executes inside their CI/CD pipeline and propagates further. Big thanks to SafeDep for uncovering this malicious campaign....
SBOM Security in 2026: Why Inventory Alone No Longer Reduces Risk
5+ day, 7+ hour ago (1573+ words) Software supply chains got complicated fast. Your applications now rely on hundreds of open-source packages, third-party components, containers, and build pipelines that change every day. Software Bills of Materials (SBOMs) promised visibility into that complexity: a clear inventory of what's…...
The @antv Ecosystem Was Compromised with Shai-Hulud Malware, 300+ Packages Affected
5+ day, 17+ hour ago (600+ words) There's not much to say about the Shai-Hulud malware and its variants that we didn't already say before (Team PCP Copycats Are Here, Team PCP Leak Shai-Hulud Source, Tan Stan Shai-Hulud Compromise, SAP Compromise, Bitwarden CLI Compromise). We suspect that…...
New Actors Deploy Shai-Hulud Clones: Team PCP Copycats Are Here
1+ week, 4+ hour ago (490+ words) These malicious packages contain infostealer malware, one of which is a Shai-Hulud clone following the Team PCP open source release, and one DDoS botnet package. Four new malicious npm packages were detected and reported by OX Security in the…...
New MCP Security Flaws: Kubectl-mcp-server, Archon OS, and MarkItDown Vulnerabilities
1+ week, 5+ day ago (434+ words) TL;DR: The OX Research team discovered three vulnerabilities: two in widely used open-source MCPs and one in Archon OS, an open-source AI management platform. Two were assigned CVEs: CVE-2025-65719 and CVE-2025-69443. A third was rejected by Microsoft as working…...
Shai-Hulud, Here We Go Again: 170+ Packages Hit Across npm & PyPI
1+ week, 5+ day ago (270+ words) Shai-Hulud is a self-spreading malware, which we extensively researched and wrote about due to its widespread impact. Recent attacks and infections included: PyTorch Lightning & Intercom-Client, SAP npm Packages, and Bitwarden CLI. This latest variant affecting Mistral AI, OpenSearch…...
AI Application Security in 2026: Real Risks and Controls
2+ week, 3+ day ago (1572+ words) AI application security is about securing how AI-powered software behaves in production, including the models it uses and the infrastructure it runs on. In large organizations, AI now shapes control flow, data access, and execution paths inside applications. As a…...
Cloud-native security best practices for enterprise platforms
2+ week, 4+ day ago (1758+ words) Security at this scale has to be in real-time, contextual, and built into the software delivery lifecycle, not bolted on after the fact. Google's Cybersecurity Forecast 2026 reinforces this trajectory. It highlights how adversaries will use AI to scale attacks and…...
8.3M Downloads Compromised: Lightning & Intercom-Client Infected in Latest Shai-Hulud Attack
3+ week, 3+ day ago (281+ words) Currently 2.6.2 and 2.6.3 are quarantined. Revert to 2.6.1 or lower. The Python package lightning was infected by a new Shai-Hulud variant uploaded to PyPI. The variant transforms from running Python to running JavaScript, and deploys the same infostealer logic seen…...
Secure SDLC in the Age of AI: From Static Checks to Active Risk Control
3+ week, 6+ day ago (1582+ words) Your developers are already using AI to write code. Tools generate functions, dependencies, CI workflows, even infrastructure configurations in seconds. Software moves from idea to production faster than ever, but the security processes around it were designed for a very…...