CSA Launches CSAI Foundation for AI Security
Cloud Security Alliance creates dedicated nonprofit to govern autonomous AI agent ecosystems through risk intelligence and certification
-
-
Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit
TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx’s KICS and VS Code plug-ins, and the LiteLLM AI library — and all signs point to more attacks to come.
-
How AI Coding Tools Crushed the Endpoint Security Fortress
Security vendors have spent years building up defenses around the endpoint, but one researcher says AI coding tools have brought the walls down.
-
TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published…
-
Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR
A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique. “The campaign abuses Google Ads to serve rogue ScreenConnect (
-
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. “The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails,” Securonix researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said in a report shared
-
GitHub ‘OpenClaw Deployer’ Repo Delivers Trojan Instead
An AI-assisted campaign is spreading more than 300 poisoned packages for diverse assets ranging from developer tools to game cheats.
-
How a Large Bank Uses AI Digital Twins for Threat Hunting
JPMorgan Chase uses digital fingerprints and digital twins to spot online attackers and malicious behaviors while also reducing pesky false alerts.
-
Microsoft Proposes Better Identity, Guardrails for AI Agents
Companies need better controls to manage key threats rising from the growth of agentic AI. These new features provide a starting point.
-
Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is below – react-performance-suite react-state-optimizer-core react-fast-utilsa ai-fast-auto-trader