AgentsShai-Hulud 3.0: Self-Propagating NPM Supply Chain WormCybernews·high signalThird variant of registry-native worm, 500+ packages compromisedSourceSource pageCybernews↳ Follow the threadPolicy dependency / Stack layerIAPS warns on Kimi Claw: security and governance risks of Chinese-hosted 'always-on' AI agentsIAPSPolicy dependency / Stack layerSouth Korea Unveils $880B 10-Year Plan for Chips, AI Infrastructure, and RoboticsCrescendo AIStack layer / Threat patternArmadin details full sandbox escape in Anthropic's Claude Cowork; Anthropic disputes, silently patchesSiliconANGLEStack layer / Threat patternOpenClaw ships broad July 6 platform update: GPT-5.6 support, external harness attach, hardened provider I/OReleasebotStack layer / Threat patternMalicious agent skills evade every scanner: HKUST's SkillCloak beats detectors 90%+ of the time, SkillDetonate catches 97%Help Net SecurityStack layer / Threat patternMeta Stands Up a Cloud Business to Sell AI Compute — CoreWeave Stock Drops 14%The Motley FoolStack layer / Threat patternDefend against prompt injection with an embedding-scored Threat Library, not brittle regex rulesPromptHaloStack layer / Threat patternNSA issues official MCP hardening guidance after Amazon Q auto-execution CVEs (CVSS 8.5) enable AWS credential theftWiz