AI
Jul 13, 2026
A security researcher has shown that xAI's Grok Build CLI was uploading entire git repositories, including unredacted secrets, to a Google Cloud Storage bucket, and that the tool's own opt-out toggle did not stop it.
Meta
Jun 1, 2026
Hackers seized high-profile Instagram accounts by exploiting Meta AI customer support, asking the bot to link a new email without verification. Victims include Obama White House account and Sephora.
Security
May 28, 2026
A DPRK-linked supply chain attack plants a RAT via npm packages and routes all stolen credentials to private HuggingFace datasets. Two AI developer victims confirmed May 28 2026.
AI
May 25, 2026
PromptArmor disclosed that Microsoft Copilot Cowork can be tricked into exfiltrating files from a user's tenant through a chained prompt-injection attack on SharePoint.
AI Tools
May 22, 2026
Perplexity open-sourced Bumblebee, a read-only supply-chain scanner for macOS and Linux that detects compromised packages.
AI News
May 22, 2026
Anthropic reported that Mythos Preview found over 10,000 critical software bugs through automated security analysis.
News
May 19, 2026
GitHub confirmed unauthorized access to its own internal repositories on May 19, 2026. Customer repos are not known to be affected, but here is what AI creators should audit now.
News
May 19, 2026
A May 19 npm supply-chain wave compromised 317 packages including timeago.js and the @antv ecosystem, rewriting .claude/settings.json to hijack Claude Code, Codex, and Cursor sessions.
tools
May 18, 2026
A new $9.99 macOS app scans the local chat databases of Claude Code, Cursor, and VS Code Copilot for exposed API keys and secrets before they cause damage.
Deep Dive
May 17, 2026
Security researchers have found a way to hijack voice AI models using inaudible sounds embedded in ordinary audio clips. AudioHijack achieved 79 to 96 percent success rates across 13 large audio language models.
Deep Dive
May 13, 2026
Security firm Calif used Anthropic's Mythos Preview to build the first macOS M5 kernel exploit in five days, bypassing Apple's Memory Integrity Enforcement.
Mistral
May 12, 2026
mistralai==2.4.6 was backdoored in the Mini Shai-Hulud supply chain attack. PyPI quarantined the project. Here is what to check and do if you build with Mistral's Python SDK.