Worrying open-source security issue 'BadHost' could affect millions of AI agents, experts warn

The risk is "materially understated", researchers are saying as passwords and critical data can be exfiltrated.
The Hacker News

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.
Microsoft

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...
Computer Weekly

Glassworm botnet that targeted OS devs smashed to pieces

CrowdStrike, Google and the Shadowserver Foundation worked together to take down a botnet that poisoned over 300 GitHub ...
InfoWorld

An open-source toolkit for controlling out-of-control AI agents

Microsoft’s Agent Governance Toolkit brings runtime policy enforcement to autonomous agents, based on the OWASP top 10 agent ...

Merck and Mastercard are seeing real agentic AI results. Both say the plumbing came first.

Merck cut a drug discovery cycle by 33% and ships compliant marketing 80% faster. Mastercard is rethinking fraud disputes.
IT News Africa

AVEVA Announces New Capabilities to Embed AI across Industrial Organizations & Data Infrastructure

AVEVA, a global leader in industrial software, today announced a broad set of product innovations spanning its industrial ...

AI is making everyone web app builders - but leaving teams exposed

When (and why) does AI coding flip from promising to a security nightmare? Let's look under the coding hood.
Dark Reading

For Enterprises, Security Remains Agentic AI's Biggest Challenge

Every company may need an agentic AI strategy, but the tools to allow frameworks such as OpenClaw to be securely used have ...
SecurityWeek

GlassWorm Botnet Disrupted

The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.

Google blocked the first known AI-powered attack on 2FA accounts; here is how hackers tried to break in, know how to stay safe

Foreign hackers attempted a novel AI-powered cyberattack targeting two-factor authentication using a zero-day exploit. Google's Threat Intelligence Group detected and thwarted this sophisticated plot, ...

Valid certificates, stolen accounts: how attackers broke npm's last trust signal

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...