One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...
Dark Reading

Trellix Source Code Breach Highlights Growing Supply Chain Threats

Info is scant, but such breaches can reveal where a security product's controls are located and how detections are designed, ...
Bleeping Computer

Apiiro unveils free scanner to detect malicious code merges

Security researchers at Apiiro have released two free, open-source tools designed to detect and block malicious code before they are added to software projects to curb supply chain attacks. The two ...
Infosecurity Magazine

Trellix Reveals Unauthorized Access to Source Code

A leading US cybersecurity vendor has been breached by threat actors who managed to access its source code, it has been ...
Dark Reading

Claude Source Code Leak Highlights Big Supply Chain Missteps

Sophisticated cyberattacks targeting a variety of open source projects, including the Trivy security-scanner project, the widely used Axios Javascript package, and now Anthropic's accidental ...