Cloudflare added a two-stage GNN+LLM cascade to its client-side malicious script detection, reducing false positives per unique script from 1.39% to 0.007% and opening the formerly paid Advanced features to self-serve customers.
A fake dependency plain-crypto-js was injected into axios 1.14.1 and 0.30.4 to install a RAT dropper via a postinstall hook. Complete attack chain from maintainer account compromise to C2 communication and self-deletion.
CVE-2026-22812 (CVSS 8.8) and CVE-2026-22813 (CVSS 9.4) were disclosed in the open source AI coding agent "OpenCode". Shell commands are executed via XSS of an unauthenticated HTTP server and Markdown renderer. The PoC has been published, with over 220,000 instances exposed online.
FSB-affiliated attack group TA446 adopted the DarkSword iOS exploit kit leaked on GitHub to distribute GHOSTBLADE malware through spear phishing disguised as the Atlantic Council. Targets include Russian dissidents, government and educational institutions.
Citrix NetScaler ADC / Gateway's CVSS 9.3 out-of-bounds read in SAML IdP configurations is already being scanned by attackers looking for authentication-flow enumeration opportunities.
F5 BIG-IP APM vulnerability CVE-2025-53521, a CVSS 9.8 unauthenticated RCE, was added to CISA's KEV catalog. It had originally been classified as DoS, but was reclassified after a China-linked APT that compromised F5's network stole source code and vulnerability details. Federal agencies must respond by March 30, 2026.
On March 27, 2026, telnyx Python SDK v4.87.1/4.87.2 was contaminated with PyPI. TeamPCP collects authentication information for OpenAI, Anthropic, AWS, and GCP by hiding payloads in WAV files. 742K downloads per month.
Three independent vulnerabilities were disclosed in LangChain Core and LangGraph: deserialization that can leak secrets, SQL injection that exposes conversation history, and path traversal that allows arbitrary file reads.
After supply-chain attacks against tj-actions and Trivy, GitHub published a plan to reduce the attack surface of CI/CD pipelines through dependency locking, scoped secrets, and Layer 7 egress firewalls.
A six-phase attack chain showing how the China-linked GTG-1002 group used Claude Code through MCP for autonomous espionage, plus GitHub Copilot's policy change to start using user code for AI training on April 24.
LiteLLM 1.82.7 and 1.82.8 were poisoned on PyPI for about 46 minutes. TeamPCP stole a PyPI token through Trivy's CI/CD and injected malware that collects more than 50 credential types, including SSH keys, AWS, Kubernetes, and Docker secrets.
Composio publishes security analysis of OpenClaw. Approximately 7.1% of SkillHub-distributed skills were found to have critical vulnerabilities, leaving over 30,000 instances exposed to the internet in the early stages at risk of prompt injection and credential theft.