The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.
CSO Online

Claude in Chrome is taking orders from the wrong extensions

Security researchers warn that Anthropic’s Claude in Chrome extension can be abused by malicious extensions that exploit ...
Morning Overview on MSN

State-backed hackers are already exploiting the Palo Alto firewall zero-day to gain root access on government networks

Federal agencies are racing to lock down their Palo Alto Networks firewalls after a zero-day vulnerability surfaced that ...

CISA gives feds four days to patch Ivanti flaw exploited as zero-day

CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti ...
CSO Online

Five new holes, one exploited, found in Ivanti Endpoint Manager Mobile

The five new vulnerabilities discovered in Ivanti’s on-premises mobile endpoint management solution are a “classic example of ...
SecurityWeek

Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover

ClaudeBleed, a vulnerability in Claude in Chrome, allows malicious extensions to hijack the AI agent for nefarious purposes.