Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Decrypt

Linux Foundation, Tech Giants Launch Akrites to Defend Open Source Against AI-Powered Attacks

Akrites is a coalition of 19 organizations, including every major AI lab and Wall Street banks, built to defend open-source ...
CSO Online

Hackers exploit critical PTC Windchill PLM software flaw

The popular product lifecycle management platform is under active exploitation for an RCE vulnerability that could put ...
Dark Reading

More Malicious OpenClaw Skills Threaten AI Supply Chain

OpenClaw removed five packages from ClawHub, its skills marketplace, that bypassed security even though they included ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
SecurityWeek

FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances

PixelSmash is a vulnerability in the FFmpeg framework that can be exploited via crafted media files for remote code execution ...