Skip to content
Latest
Jscrambler npm Compromise Shows Build Pipelines Need Runtime ControlsGhost Phishing Shows Why Email Security Must Follow the BrowserPakistani Police Intrusions Show Why Public-Sector Data Systems Are Strategic TargetsBad Epoll Shows Linux Kernel LPEs Belong in the Patch Priority QueueFake Payment SDKs Show Why Dependency Risk Is Credential RiskCritical UniFi Flaws Put Network Control Planes Back in the Patch QueueVidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak ControlsADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity InfrastructureUAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay InfrastructureFortiBleed Shows Firewall Credentials Are Ransomware FuelNetNut and Popa Takedown Shows Residential Proxies Are Now Attack InfrastructureVect and TeamPCP Show Supply-Chain Credentials Are Ransomware FuelOusaban Shows Banking Trojans Are Learning to Hide From SandboxesNUT upsmon Command Injection Shows UPS Monitoring Belongs in the Patch Queue

Category Archive

AI (General)

30 reports · All intelligence

Bulwark Black cyber threat intelligence filed under AI (General).

AI (General)
Leaky iOS AI Apps Show Mobile AI Needs Real API Gateways
AI (General)·

Leaky iOS AI Apps Show Mobile AI Needs Real API Gateways

A study of iOS AI chatbot apps found widespread exposure of API keys, open AI proxy access, and replayable tokens. The fix is not another client-side secret workaround; it is real backend authentication, scoped tokens, monitoring, and key isolation.

AI (General)
Clean Repos Can Still Burn Developer Machines When AI Agents Trust Runtime Setup
AI (General)·

Clean Repos Can Still Burn Developer Machines When AI Agents Trust Runtime Setup

A clean-looking repository can still become dangerous when an AI coding agent follows setup instructions and executes runtime-fetched configuration. Here is how teams should defend developer workflows.

AI (General)
Mastra npm Compromise Shows AI Frameworks Are Supply-Chain Targets
AI (General)·

Mastra npm Compromise Shows AI Frameworks Are Supply-Chain Targets

Microsoft linked the Mastra AI npm package compromise to North Korean actor Sapphire Sleet. Here is what SMBs and government contractors should do about AI framework supply-chain risk.

AI (General)
AutoJack Shows AI Browsing Agents Need Localhost Boundaries
AI (General)·

AutoJack Shows AI Browsing Agents Need Localhost Boundaries

Microsoft’s AutoJack research shows how a malicious webpage can abuse an AI browsing agent’s access to localhost services. The defensive lesson: treat agent control planes, MCP servers, and local tool runners like privileged admin surfaces.

AI (General)
Outsider Enterprise Shows AI-Powered Phishing Is Now Industrial Infrastructure
AI (General)·

Outsider Enterprise Shows AI-Powered Phishing Is Now Industrial Infrastructure

The Outsider Enterprise takedown shows AI-powered phishing is now industrial infrastructure. SMBs and government contractors should prioritize phishing-resistant MFA, identity recovery controls, and rapid session revocation.

AI (General)
Shai-Hulud Shows AI Package Scanners Need Prompt-Injection Boundaries
AI (General)·

Shai-Hulud Shows AI Package Scanners Need Prompt-Injection Boundaries

Zscaler ThreatLabz says the Shai-Hulud campaign has expanded across package ecosystems and introduced prompt-injection tactics aimed at automated AI security triage. The defense lesson is simple: treat package content as hostile input, even when an LLM is doing the review.

AI (General)
MaXSS and Spyder Show AI Browser Extensions Are an Endpoint Risk
AI (General)·

MaXSS and Spyder Show AI Browser Extensions Are an Endpoint Risk

Rebora disclosed MaXSS and Spyder, two critical flaws in AI browser-extension side panels. The lesson for SMBs and government contractors: browser extensions are endpoint software with identity-session reach and need governance.

AI (General)
LangGraph Checkpointer Bugs Show AI Agent Memory Is Backend Attack Surface
AI (General)·

LangGraph Checkpointer Bugs Show AI Agent Memory Is Backend Attack Surface

Check Point Research disclosed LangGraph checkpointer flaws that could turn user-controlled state-history filters into SQL injection, unsafe deserialization, and remote code execution. The lesson for SMBs and government contractors: AI agent memory is application infrastructure,

AI (General)
ChatGPT Lockdown Mode Shows Prompt Injection Defense Is About Egress Control
AI (General)·

ChatGPT Lockdown Mode Shows Prompt Injection Defense Is About Egress Control

OpenAI’s ChatGPT Lockdown Mode is a useful reminder that prompt-injection defense is not just about model behavior. It is about limiting outbound paths, connector permissions, and tool access around sensitive work.

AI (General)
Agentic AI Failure Modes Show Why AI Tools Need Supply-Chain Controls
AI (General)·

Agentic AI Failure Modes Show Why AI Tools Need Supply-Chain Controls

Microsoft’s updated agentic AI failure-mode taxonomy turns AI agents into a practical security architecture problem: plugins, prompts, memory, browser use, and human approvals all need controls.

AI (General)
AI-Assisted Ransomware Tooling Shows EDR Evasion Is Now an Iteration Problem
AI (General)·

AI-Assisted Ransomware Tooling Shows EDR Evasion Is Now an Iteration Problem

Sophos observed ransomware-linked operators using AI-assisted development workflows to accelerate EDR evasion testing and Active Directory discovery. The defensive lesson: validate controls, harden identity, and monitor behavior before attackers iterate around your tooling.

AI (General)
Meta AI Support Bot Abuse Shows Account Recovery Is Part of the Identity Perimeter
AI (General)·

Meta AI Support Bot Abuse Shows Account Recovery Is Part of the Identity Perimeter

Attackers reportedly abused Meta’s AI support assistant during Instagram account recovery. The lesson for SMBs and contractors: recovery workflows are identity infrastructure and need MFA, monitoring, and guardrails.

AI (General)
Poisoned Search and AI Recommendations Turn Utility Downloads Into RMM Access
AI (General)·

Poisoned Search and AI Recommendations Turn Utility Downloads Into RMM Access

Microsoft reported a cryptojacking campaign that uses poisoned search results, AI-surfaced software recommendations, fake utility downloads, and abused ScreenConnect access. Here is what SMBs and government contractors should defend first.

AI (General)
Patriot Bait Shows AI-Enabled Fraud Can Turn Trust Into Attack Surface
AI (General)·

Patriot Bait Shows AI-Enabled Fraud Can Turn Trust Into Attack Surface

Trend Micro’s Patriot Bait research shows how one operator used AI assistance, social trust, WordPress credential attacks, and crypto fraud infrastructure to scale a low-cost cybercrime operation.

AI (General)
AI Agent Governance Is Becoming a Security Control, Not a Nice-to-Have
AI (General)·

AI Agent Governance Is Becoming a Security Control, Not a Nice-to-Have

AI agents now operate with real credentials inside business systems. Here is how SMBs and government contractors should govern identity, authority, action, and evidence before agentic workflows become unmanaged risk.

AI (General)
SGLang RCE Flaws Show AI Inference Servers Need Real Network Isolation
AI (General)·

SGLang RCE Flaws Show AI Inference Servers Need Real Network Isolation

CERT/CC disclosed three SGLang vulnerabilities affecting AI inference deployments, including remote code execution and path traversal risks. Here is what SMBs and government contractors should do now.

AI (General)
AI Literacy Needs Fundamentals: Teaching Technology in the Real World
AI (General)·

AI Literacy Needs Fundamentals: Teaching Technology in the Real World

Albert LaScola reflects on teaching database systems, governance, risk management, and AI literacy through a fundamentals-first approach shaped by Navy operations, security work, Bulwark Black, and Rural Tech and Support.

AI (General)
Exposed AI Apps Turn Misconfiguration Into RCE Risk
AI (General)·

Exposed AI Apps Turn Misconfiguration Into RCE Risk

Microsoft warns that publicly exposed AI apps, MCP servers, and Kubernetes-hosted agent tooling can turn weak defaults into practical paths for RCE, credential theft, and data exposure.

AI (General)
Fake OpenAI Hugging Face Repo Shows AI Supply Chain Risk Is Already Here
AI (General)·

Fake OpenAI Hugging Face Repo Shows AI Supply Chain Risk Is Already Here

A fake OpenAI Privacy Filter repository on Hugging Face delivered Windows infostealer malware. Here is what SMB and gov-contractor defenders should take from it.

AI (General)
MCP Server Command Injection Shows Why AI Tools Need Real Isolation
AI (General)·

MCP Server Command Injection Shows Why AI Tools Need Real Isolation

A critical GitHub advisory for @profullstack/mcp-server shows how unsafe AI tool endpoints can turn domain lookup functionality into unauthenticated remote code execution.

AI (General)
Prompt Injection Just Became an RCE Problem for AI Agents
AI (General)·

Prompt Injection Just Became an RCE Problem for AI Agents

Microsoft disclosed Semantic Kernel vulnerabilities showing how prompt injection can cross into code execution when AI agents are connected to unsafe tools. Here is what defenders should review now.

AI (General)
LiteLLM Supply Chain Attack: TeamPCP Deploys Multi-Stage Credential Stealer to 95M Monthly Downloads
AI (General)·

LiteLLM Supply Chain Attack: TeamPCP Deploys Multi-Stage Credential Stealer to 95M Monthly Downloads

A sophisticated supply chain attack has compromised LiteLLM, the widely-used Python library for interfacing with large language models, delivering multi-stage credential-stealing malware to systems downloading over 95 million packages per month. The attack, attributed to TeamPCP—

AI (General)
DeepLoad Malware: AI-Generated Evasion Meets ClickFix Delivery in Enterprise Credential Theft Campaign
AI (General)·

DeepLoad Malware: AI-Generated Evasion Meets ClickFix Delivery in Enterprise Credential Theft Campaign

A sophisticated new malware campaign dubbed “DeepLoad” has emerged targeting enterprise environments, combining ClickFix social engineering delivery with AI-generated obfuscation techniques that defeat traditional security controls. ReliaQuest researchers discovered the threat af

AI (General)
Unit 42 Warns: AI Agents Could Enable Gift Card Theft and Returns Fraud at Scale
AI (General)·

Unit 42 Warns: AI Agents Could Enable Gift Card Theft and Returns Fraud at Scale

Palo Alto Networks’ Unit 42 has published new research examining how the rise of “agentic commerce” – AI agents that autonomously browse, shop, and transact on behalf of users – could be exploited by cybercriminals to conduct retail fraud at unprecedented scale. Read the full res

AI (General)
CVE-2026-33017: Critical Langflow AI Framework Vulnerability Exploited Within 20 Hours of Disclosure
AI (General)·

CVE-2026-33017: Critical Langflow AI Framework Vulnerability Exploited Within 20 Hours of Disclosure

A critical vulnerability in Langflow, the popular open-source visual framework for building AI agents and RAG pipelines, was weaponized by threat actors within just 20 hours of public disclosure—before any proof-of-concept code was publicly available. The Vulnerability Tracked as

AI (General)
Critical Langflow AI Platform Flaw CVE-2026-33017 Exploited Within 20 Hours of Disclosure
AI (General)·

Critical Langflow AI Platform Flaw CVE-2026-33017 Exploited Within 20 Hours of Disclosure

A critical vulnerability in Langflow, the popular open-source AI workflow platform, has been actively exploited within just 20 hours of its public disclosure—before any proof-of-concept code was even available. The rapid weaponization highlights the shrinking window defenders hav

AI (General)
The Promptware Kill Chain: A New Framework for Understanding AI Malware Attacks
AI (General)·

The Promptware Kill Chain: A New Framework for Understanding AI Malware Attacks

A groundbreaking research paper by Bruce Schneier and collaborators introduces the concept of “promptware”—a distinct class of malware targeting large language models (LLMs). Moving beyond the myopic focus on prompt injection, the researchers propose a structured seven-step kill

AI (General)
Demystifying Generative AI 🤖 A Security Researcher’s Notes
AI (General)·

Demystifying Generative AI 🤖 A Security Researcher’s Notes

Roberto Rodriguez – Nov 4, 2023 • 22 min read Read Article As a security researcher, stepping into the world of Generative Artificial Intelligence (GenAI) was like entering unfamiliar territory. While I was excited by the potential it held for revolutionizing security, I soon rea

AI (General)
Threat Modeling LLM Applications
AI (General)·

Threat Modeling LLM Applications

Posted by Gavin Klondike on 06 June 2023 Read Article Before we get started: Hi! My name is GTKlondike, and these are my opinions as a cybersecurity consultant. While experts from the AI Village provided input, I will always welcome open discussion so that we can come to a better

AI (General)
Custom GPTs: A Case of Malware Analysis and IoC Analyzing
AI (General)·

Custom GPTs: A Case of Malware Analysis and IoC Analyzing

Read Article On November 6, 2023, CustomGPTs, a new feature that OpenAI stated on its blog, became available. We can already say that the emergence of Custom Generative Pre-trained Transformers (GPTs) could mark a significant shift in the dynamics of both digital defense and offe