Anatomy of a Failed (Nation-State?) Attack
A security researcher narrowly avoided a nation-state-style attack after receiving a fake job interview email that led to a malicious TypeScript repository. The attacker used a fabricated persona and …
A security researcher narrowly avoided a nation-state-style attack after receiving a fake job interview email that led to a malicious TypeScript repository. The attacker used a fabricated persona and …
Unit 42 researchers discovered a malicious campaign between February and May 2026 targeting OpenClaw's ClawHub marketplace, where attackers published skills like 'tradingview-ai-indicator-assistant' t…
Palo Alto Networks Unit 42 researchers discovered five malicious skills on OpenClaw's ClawHub marketplace between February and May 2026, including infostealers, evasion techniques, and novel agentic t…
Engineering teams must treat AI systems as interconnected software supply chains, applying lifecycle-phase security controls like signed artifacts and zero trust to mitigate risks such as data poisoni…
NVIDIA open-sourced SkillSpector, a security scanner for AI agent skills, to address vulnerabilities like prompt injection and tool poisoning. Research shows 26.1% of 42,447 skills had vulnerabilities…
A campaign of roughly 10,000 GitHub repositories has been distributing Trojans for over a year by cloning legitimate projects, injecting malicious download links, and evading detection through commit-…
VirusTotal security check results for the Hugging Face website show that 1 out of 92 security vendors flagged the URL as malicious, indicating a low but present risk.…
Google was named a Leader in the 2026 IDC MarketScape for Worldwide SIEM Vendor Assessment, recognizing its Google Security Operations platform. The platform integrates Mandiant expertise, AI agents, …
A developer hardened the REST API boundaries in Cisco's skill-scanner repository, a tool for scanning Agent Skill packages, by adding authentication, rate limiting, and input validation. The hardening…
OpenClaw has partnered with NVIDIA to strengthen security for AI agent skill files, integrating NVIDIA's SkillSpector scanner and Skill Card trust artifacts into its ClawHub registry. The collaboratio…
Avai, an open-source host telemetry tool that uses large language models to classify threats, has been released. The tool snapshots 26 system corners on macOS and 21 on Linux, enriches findings with u…
Relying on autonomous OSINT (Open Source Intelligence) AI agents, which are gaining popularity in Japanese security communities, leads to "skill atrophy" among human analysts. It describes a "Skeleton…
As AI coding agents become deeply embedded in developer workflows, the attack surface now extends beyond source code to include repository files, agent instructions, runtime settings, and extension pa…