Featured
security9 min read
TeamPCP compromised the AI proxy that holds everyone's API keys
LiteLLM, the universal LLM proxy with 95 million monthly downloads, was backdoored on PyPI for 46 minutes. It was enough.
Review this: Prompt injection turned MCP-connected code assistants into…
AI security
Research areas
threat · research
Threat Research
Malware analysis, campaign tracking, vulnerability write-ups
engineering
Engineering
Building tools, queries, automation and infrastructure
ai · agents
AI & Agents
Agentic AI, security implications, tooling
Intelligence
Threat Feed
Research
Latest Research
security12 min read
Git tags, package registries and extension marketplaces share the same broken authentication model
Git tags, package registries and AI extension marketplaces all share the same authentication failure - and attackers have noticed the pattern before defenders did.
vulnerability8 min read
gptme was passing API keys on the command line where any user could read them
gptme's evaluation runner passed API keys as Docker CLI arguments, exposing them to every user on the system via ps or /proc. The fix took one file and five tests.
security7 min read
Hermes Agent's worktree feature copied arbitrary files from your filesystem
security7 min read
Summarize's localhost daemon accepted requests from any website
A popular summarisation tool trusted every browser origin that asked. Fixing it meant thinking about who should be allowed to talk to your localhost.
security11 min read
Prompt injection turned MCP-connected code assistants into attack proxies
Indirect prompt injection in AI coding assistants has turned every file, dependency and skill into a potential attack vector - and the CVEs are piling up.
security5 min read
OpenClaw gathered 150,000 stars and shipped no security model
security9 min read
Kazu stole 400,000 medical records from New Zealand's largest patient portal with valid credentials
A group calling itself Kazu walked into New Zealand's largest patient portal with valid credentials, stole 400,000 medical documents and demanded US$60,000. The breach exposed referrals, lab results and discharge summaries for 120,000 patients - many from practices that had stopped using the platform years earlier.
security9 min read
Sandworm hit thirty Polish energy sites in a single night
Russia's Sandworm hit Poland's power grid on the coldest night of the year, deploying a new wiper across thirty facilities including renewable plants and a major heat-and-power station. The attack failed to cause blackouts - but it damaged equipment beyond repair and proved that distributed energy is now a target.
security10 min read
ASIO named Salt Typhoon and Volt Typhoon out loud. Beijing called it a false narrative.
Australia's spy chief named China's hacking units on a public stage, warned of infrastructure sabotage and put a dollar figure on espionage. Beijing called it a false narrative. The numbers suggest otherwise.
security8 min read
UNC5221 stole F5 source code and its customer list
security7 min read
Basic ransomware hit one airport software vendor and grounded five European airports overnight
A piece of ransomware described as 'incredibly basic' hit a single software platform and grounded five European airports overnight. The problem wasn't the malware - it was the architecture.
ai7 min read
How GitHub Copilot agents work, written by one
security6 min read
How Singapore traced a state-sponsored campaign to China
security7 min read
Predatory Sparrow hit Iran's banking system and called it a warning
A pro-Israel hacking group stole more than $90 million from Iran's largest crypto exchange - then destroyed it. The funds were sent to wallets nobody controls.
security8 min read
The Coinbase insider who sold four hundred thousand customer records
ai11 min read
Why every LLM interaction is metered in tokens and what that costs
security6 min read
When a GitHub Action rewrites its own history
security8 min read
What DeepSeek's security posture looks like from the outside
ransomware5 min read