The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.
Hackaday

This Week In Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, And Backdoored Tools

After the CopyFail vulnerability gave root access from any user on almost all distributions last week, this week we’ve got DirtyFrag. This chains the vulnerability in CopyFail (xfrm-ESP) and ...
SecurityWeek

‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials

The PCPJack worm targets cloud environments and vulnerable web applications to remove TeamPCP infections and steal ...
GamingOnLinux

Linux security flaws Dirty Frag and Copy Fail are a good reminder to stay up to date

Have you run your Linux distribution updates recently? You probably should, because Dirty Frag and Copy Fail are coming for ...
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...

'PCPJack' cloud worm hijacks TeamPCP hacker infrastructure

Named PCPJack, the framework was discovered on April 28 by a hunting rule on Google's VirusTotal malware scanning service ...
Tech.eu

Meet the French startup fixing the guardrail gap holding enterprise AI back

As Europe pushes for sovereign AI infrastructure, Giskard is securing enterprise AI agents against manipulation, unsafe ...
The Hacker News

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...

Virtualization news | The Register

Judge agrees with Virtzilla's argument that the case should be heard in the US, not Germany On-prem control planes, dark-site ...
Security Info WatchOpinion

Why Point-in-Time Assessments Fail and What Must Replace Them

The rise of AI services, rapid software updates and unseen third-party data flows is exposing the limits of annual vendor ...
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
Hotel Technology News

Why Hotel AI Adoption Is Moving Faster Than Security Controls and Increasing Risk Exposure

It took 527 stolen credentials to leak the data of over 5 million guests. In March 2026, CyberNews discovered that an ...