#113 - AI Agent Runs First Live Intrusion: Marimo, Flowise, SymJack

An LLM agent autonomously emptied a database in under two minutes, while RCEs in AI orchestration runtimes and coding agents widened the attack surface.

#112 - Shai-Hulud Worm Goes Public: AI Supply Chain Attacks Explode

Megalodon hits 5,561 GitHub repos, ChromaDB max-severity RCE exposes the AI infrastructure layer, and one fraudster replicates a full criminal team with jailbroken Gemini.

#111 - AI Zero-Day in the Wild and Mini Shai-Hulud Worm Hits OpenAI

Google confirms first AI-developed exploit, TeamPCP worm compromises Mistral, Guardrails, OpenAI with valid SLSA attestations and Claude Code hooks

#110 - AI Attacks OT: Claude Used Autonomously in Water Utility Breach

Claude Code one-click RCE, Five Eyes agentic AI warning, and a Hugging Face typosquat hitting 244,000 downloads.

#109 - AI Developer Toolchain Under Attack: DPRK LLM Malware, Gemini CLI RCE

How the coding assistants, agent marketplaces, and ML libraries powering AI development became this week's primary supply chain attack surface.

#108 - Vercel Breach via AI Tool OAuth: Supply Chain Attacks Hit Production

Vercel breach, the Shai-Hulud npm worm targeting AI/MCP configs, and Claude Mythos earning its first Firefox CVEs.

#107 - AI Coding Agents Hijacked: MCP Flaw, Claude Mythos, Prompt Injection

#106 - AI Credential Harvest Scales as Agentic Attack Surface Mapped

Systematic prompt injection chains, 35,000 exposed Gemini keys, and $893M in FBI-confirmed AI fraud losses define a week of convergent risk.

#105 - North Korea's AI Malware, Claude Code Exploit, and the AI Supply Chain Breach

AI threat intelligence on DPRK operationalising LLMs in attacks, critical Claude Code prompt injection, and TeamPCP's cascade through the AI developer supply chain