Audit summarize for security issues
Latest intel
View all →Trending on GitHub
· this weekFixes shipped
Research
MCP-based AI orchestration moves OAuth tokens, access grants and memory persistence into the same execution path. Credential handling is now the weakest link in the AI supply chain.
May 2026 supply-chain compromises showed that poisoned developer tooling now targets the identity and execution layer before code reaches a repository.
Credential harvesting against npm, PyPI and Docker Hub has turned developer identity into supply-chain infrastructure, with package registries now functioning as distribution systems for stolen trust.
Threat Feed
liveSupply chain compromise has shifted from stealing credentials to poisoning package ecosystems through compromised CI/CD systems, maintainer accounts and trusted execution paths.
More research
Google Project Zero's Pixel 10 zero-click chain shows how Android hardening changes exploit shape without removing reachable attack surface in media parsing and device drivers.
CI/CD compromise is moving away from poisoned dependencies alone and towards the infrastructure that builds, signs and releases trusted software.
Recent vm2, NodeVM and Ollama flaws show a recurring failure pattern: developer-friendly JavaScript isolation is being treated as a hard security boundary when the runtime was never designed to provide one.
A threat model analysis of Project NOMAD PR #823, where a hardcoded benchmark HMAC secret was a valid CWE-798 finding but the maintainer was right that client-side relocation was not enough.
operacle/checkcle persisted PocketBase authentication JWTs in localStorage, making token theft trivial after any same-origin script execution. PR #224 replaces local persistence with an in-memory auth store.
Checkmarx KICS, npm Bitwarden CLI packages and GlassWorm show how supply chain compromise has moved from poisoned code to weaponised developer trust.
A compromised AI productivity tool called Context.ai gave attackers OAuth access to a Vercel employee's Google Workspace, pivoting into internal systems. The AI tool supply chain is the new CI/CD supply chain.
Eighteen months of supply chain attacks against AI infrastructure reveal a structural pattern: the build pipeline, the package registry and the runtime protocol all share the same trust model failure.
Supply-chain compromise is no longer opportunistic. Self-replicating NPM worms, coordinated developer phishing and credential-harvesting pipelines show an attack class that has industrialised faster than the defences meant to contain it.
Modern frameworks keep reimplementing the same seven authentication bypass patterns. From hardcoded credentials to missing origin checks, the bugs are structural, not accidental, and the AI tooling boom is accelerating the cycle.
CVE-2025-10492, a CVSS 9.8 Java deserialisation flaw in the Jasper Report component of Hitachi Energy Ellipse, enables unauthenticated RCE on critical manufacturing systems. No patch exists for the community edition of the underlying library.
CVE-2026-27663 and CVE-2026-27664 affect shared firmware components across Siemens SICAM A8000, EGS and S8000 product lines, enabling unauthenticated denial of service in power grid infrastructure.
AI orchestration platforms like LangFlow and n8n are accumulating critical RCE vulnerabilities because their architectures treat user-supplied configuration as trusted code.
CVE-2026-3356 exposes a design-level authentication failure across Anritsu's entire Remote Spectrum Monitor line. CVSS 9.3, all versions affected, no fix planned.
CVE-2026-3055, a critical out-of-bounds read in Citrix NetScaler ADC and Gateway, is being actively exploited. CISA has added it to the KEV catalog.
CVE-2026-3055, a CVSS 9.3 memory overread in Citrix NetScaler ADC and Gateway configured as SAML IDPs, is drawing active reconnaissance. Attackers are probing authentication endpoints to identify vulnerable appliances.
CISA added CVE-2025-53521 to the Known Exploited Vulnerabilities catalog on 27 March 2026 after confirming active exploitation of this CVSS 9.8 RCE in F5 BIG-IP. Affected versions span three major branches.
AI agent frameworks and deployment tools keep shipping the same environment variable injection patterns that operational tooling solved years ago. The gptme fix was one project. The pattern is everywhere.
Attackers compromised Stryker's Microsoft Entra credentials and used Intune to remotely wipe tens of thousands of employee devices. No malware was deployed. CISA responded with an emergency hardening advisory.
PraisonAI's schedule config YAML could set LD_PRELOAD, PATH and 26 other dangerous environment variables with no validation. The fix adds a blocklist and fail-closed validation.
Git tags, package registries and AI extension marketplaces all share the same authentication failure - and attackers have noticed the pattern before defenders did.
gptme's evaluation runner passed API keys as Docker CLI arguments, exposing them to every user on the system via ps or /proc. The fix took one file and five tests.
A popular summarisation tool trusted every browser origin that asked. Fixing it meant thinking about who should be allowed to talk to your localhost.
Indirect prompt injection in AI coding assistants has turned every file, dependency and skill into a potential attack vector - and the CVEs are piling up.
A group calling itself Kazu walked into New Zealand's largest patient portal with valid credentials, stole 400,000 medical documents and demanded US$60,000. The breach exposed referrals, lab results and discharge summaries for 120,000 patients - many from practices that had stopped using the platform years earlier.
Russia's Sandworm hit Poland's power grid on the coldest night of the year, deploying a new wiper across thirty facilities including renewable plants and a major heat-and-power station. The attack failed to cause blackouts - but it damaged equipment beyond repair and proved that distributed energy is now a target.
Australia's spy chief named China's hacking units on a public stage, warned of infrastructure sabotage and put a dollar figure on espionage. Beijing called it a false narrative. The numbers suggest otherwise.
