← The Wire
Source trail

The Hacker News

Public MindPattern findings, entities, and graph evidence that cite this source.

Findings
40
All-time hits
64
High value
48
Last seen
2026-06-28

Connected entities

Related findings

  1. 2026-06-28 / AGENTSFake AI agent skill passed every security scanner and reached ~26,000 agents, including corporate accountsSecurity firm AIR built a benign-looking malicious agent skill, distributed it through a popular skill marketplace plus an Instagram ad, and reports it reached roughly 26,000 agents — some on corporate accounts — while every skill scanner it tested marked the skill safe. The researchers describe a set of attack primitives that combine to let an attacker create, distribute, and persist malicious skills at scale with minimal friction and limited detection. It is concrete evidence that current agent-skill scanning is not a reliable supply-chain control.
  2. 2026-06-26 / TOOLSPattern: MCP Config Files in Repos Are the New RCE Supply-Chain Surface Across IDEsThe Amazon Q CVE is one instance of a broader 2026 pattern — MCP configuration carried in repositories has become a remote-code-execution supply-chain surface, not just untrusted tool output. Research shows Cursor, VS Code, Windsurf, Claude Code, and Gemini-CLI are all vulnerable to MCP-based prompt-injection/auto-launch attacks (Windsurf reportedly exploitable with zero user interaction), and large-scale scans like VIPER-MCP across ~40K repos produced 67 CVEs. The config file itself is now the attack vector.
  3. 2026-06-18 / DISPATCH144 @mastra npm Packages Backdoored in 88-Minute Supply-Chain Attack on AI FrameworkOn June 17 an attacker hijacked a stale contributor account ('ehindero') and republished 142 packages under the @mastra npm scope in an automated 88-minute run, injecting a typosquatted 'easy-day-js' dependency. The postinstall payload disabled TLS verification, fetched a second-stage C2 binary, and harvested browser data plus credentials from 166 crypto-wallet extensions; @mastra/core alone sees ~918K weekly downloads, so blast radius is large. Teams building AI apps on Mastra should roll back to pre-incident versions and rotate npm, GitHub, cloud, and LLM API tokens immediately.
  4. 2026-06-17 / HACKER NEWSActively Exploited LiteLLM RCE (CVE-2026-42271) Threatens the Agent StackCISA added CVE-2026-42271 — a command-injection flaw (CVSS 8.7) in the LiteLLM AI gateway used by CrewAI, DSPy, Microsoft GraphRAG and many agent frameworks — to its Known Exploited Vulnerabilities catalog amid confirmed in-the-wild attacks. Two MCP-preview endpoints accept full stdio server configs (command/args/env), and chaining with the Starlette 'BadHost' auth bypass (CVE-2026-48710) yields unauthenticated RCE, exposing model-provider API keys and enabling lateral movement. Fixes shipped in LiteLLM v1.83.7 and Starlette 1.0.1+; anyone self-hosting an LLM gateway should patch immediately and rotate exposed keys.
  5. 2026-06-14 / SOURCESAgentjacking: Poisoned Sentry Errors Hijack Claude Code, Cursor, and Codex via MCPTenet Security and the Cloud Security Alliance disclosed 'Agentjacking,' an attack that injects malicious instructions into Sentry error events using only a public, write-only DSN — which MCP-connected coding agents then retrieve and execute with the developer's own system privileges. Controlled tests hit an ~85% success rate across 100+ orgs, and the chain bypasses EDR, WAF, IAM, and firewalls because every step is technically authorized. Sentry declined a root-cause fix, calling the class 'not defensible' at the platform level — anyone wiring error-tracking MCP servers into an agent should treat ingested events as untrusted input.
  6. 2026-05-29 / SKILLSMalicious npm 'mouse5212-super-formatter' Exfiltrates Claude AI User Directory — AI-Generated Malware Leaks Its Own GitHub TokenOX Security discovered a malicious npm package targeting /mnt/user-data, the directory Anthropic's Claude uses for uploads and outputs. The package recursively uploads every file to an attacker-controlled GitHub repo via the Contents API. In a twist, the AI-generated malware leaked its own private GitHub token, enabling full attribution. 676 downloads before detection; ~7 active exfiltration attempts observed. Codenamed 'Malware-Slop' — signals that low-skill attackers are using AI to generate supply-chain malware.
  7. 2026-05-28 / AGENTSPraisonAI CVE-2026-44338: Agent Framework Auth Bypass Exploited in 3 Hours 44 Minutes After DisclosureCVE-2026-44338 (CVSS 7.3) in PraisonAI's legacy Flask API server ships with authentication disabled by default, allowing unauthenticated workflow execution and agent config enumeration. Sysdig documented the fastest observed exploit timeline: a scanner identifying as 'CVE-Detector/1.0' hit the vulnerable endpoint exactly 3 hours 44 minutes 39 seconds after the May 11 advisory. Patched in v4.6.34; affects versions 2.5.6 through 4.6.33. The speed of exploitation underscores that agent frameworks are now first-day targets.
  8. 2026-05-23 / SOURCESGitHub Discloses 3,800 Internal Repositories Exfiltrated via TeamPCP Supply Chain Attack on Nx Console VS Code ExtensionA trojanized Nx Console VS Code extension (v18.95.0, 2.2M+ installs) was live for just 18 minutes on May 18 but harvested tokens from GitHub, npm, AWS, Vault, Kubernetes, and 1Password via a 498KB obfuscated payload hidden in an orphan commit. A GitHub employee installed it, enabling threat group TeamPCP to move through CI/CD pipelines and exfiltrate ~3,800 internal repositories. The attack also hit Grafana Labs and was traced to a broader TanStack supply chain compromise.
  9. 2026-05-19 / SKILLSOpenAI Launches Daybreak: Codex Security Agentic Engine Scanned 1.2M Commits, Found 792 Critical and 10,561 High-Severity Vulnerabilities in Open-SourceOpenAI's Daybreak initiative (launched May 11) puts Codex Security — an agentic scanner that reads code, forms hypotheses, runs tests, and validates findings like a human researcher — into production vulnerability workflows. Beta results: 1.2M commits scanned, 792 critical + 10,561 high-severity issues found across OpenSSH, GnuTLS, PHP, and Chromium, with 3,000+ critical/high vulns patched. Three access tiers gated by verification: default GPT-5.5, Trusted Access for Cyber, and GPT-5.5-Cyber for specialized defensive work.
  10. 2026-05-18 / HACKER NEWS1 Million Exposed AI Services Scanned: AI Infrastructure Is the Most Vulnerable Software Class Ever StudiedUsing certificate transparency logs, researchers identified over 2 million hosts with 1 million exposed AI services and found AI infrastructure more vulnerable, exposed, and misconfigured than any other software class previously investigated. Many exposed instances lacked authentication entirely, with chat histories and agent interfaces openly accessible. The finding underscores the security debt accumulating as businesses rush to self-host LLM infrastructure for competitive advantage at the expense of basic security hygiene.
  11. 2026-05-16 / SKILLSGoogle GTIG Confirms First AI-Built Zero-Day Exploit in the Wild: LLM-Generated 2FA Bypass on Open-Source Admin ToolGoogle's Threat Intelligence Group identified a threat actor using an AI model to discover and weaponize a zero-day vulnerability — a semantic logic flaw with hard-coded trust assumption that bypasses 2FA on a popular web admin tool. The Python exploit featured hallmarks of LLM-generated code: ANSI color classes, educational prompts, fabricated CVSS scores. This marks the first confirmed case of AI being used for original vulnerability discovery and exploitation in the wild.
  12. 2026-05-16 / AGENTSPraisonAI CVE-2026-44338: Multi-Agent Framework Auth Bypass Exploited Within 4 Hours of DisclosureCVE-2026-44338, a missing authentication vulnerability (CVSS 7.3) in PraisonAI's multi-agent orchestration framework, was actively exploited within 3 hours and 44 minutes of public disclosure on May 11. The flaw exposed /agents and /chat endpoints without any token requirement, allowing attackers to enumerate agent metadata and trigger agents.yaml workflows remotely. All versions from 2.5.6 through 4.6.33 were affected; patched in 4.6.34. The rapid exploitation timeline underscores the speed at which AI framework zero-days are now weaponized.
  13. 2026-05-16 / AGENTSCyera Discloses 'Claw Chain' — Four Chainable OpenClaw Vulnerabilities Exposing 245,000 Public AI Agent ServersCyera Research publicly disclosed four chainable vulnerabilities in OpenClaw on May 15, collectively dubbed 'Claw Chain,' enabling sandbox escape, privilege escalation to owner-level control, and persistent backdoors. CVE-2026-44112 (CVSS 9.6) exploits a TOCTOU race condition in OpenShell sandbox, while CVE-2026-44118 (CVSS 7.8) allows privilege escalation via a spoofable client-controlled ownership flag. Approximately 245,000 publicly accessible OpenClaw instances were exposed; all patched in version 2026.4.22.
  14. 2026-05-10 / NEWScPanel Zero-Day CVE-2026-41940 Weaponized — 44,000 Servers Compromised, 'Sorry' Ransomware DeployedA critical CRLF injection vulnerability (CVSS 9.8) in cPanel/WHM authentication was exploited within 24 hours of disclosure, compromising at least 44,000 IP addresses. Attackers deployed a Go-based Linux ransomware strain called 'Sorry' — Censys confirmed 7,135 hosts with .sorry artifacts. Targets include government and military domains in the Philippines and Laos, plus MSPs in Canada, South Africa, and the US. A parallel Mirai botnet campaign is also exploiting vulnerable cPanel installations.
  15. 2026-05-10 / HACKER NEWSScan of 1 Million Exposed AI Services Reveals Worst Security of Any Software Category — 31% of Ollama Instances Respond Without AuthThe Intruder security team scanned 2 million hosts and identified 1 million exposed AI services, finding the AI infrastructure was 'more vulnerable, exposed, and misconfigured than any other software' they've investigated. Of 5,200+ Ollama API servers tested, 31% responded to prompts without authentication, with 518 instances wrapping premium frontier models from Anthropic and OpenAI using hardcoded API keys. Widespread misconfigurations include insecure Docker setups, applications running as root, and agent management platforms (n8n, Flowise) left internet-facing without authentication — exposing real user conversations and company tooling.
  16. 2026-05-09 / SKILLSThe Hacker News: 2026 Is the Year of AI-Assisted Attacks — Autonomous Agents Map Active Directory and Seize Domain Admin in MinutesThe Hacker News reports that 2026 marks the shift from AI-assisted to AI-driven attacks, with threat actors using custom AI setups to automate exploitation. Autonomous agents can now map Active Directory and seize Domain Admin credentials in minutes. Exploits routinely arrive before patches, and AI makes phishing attacks nearly impossible to spot. The piece aligns with Cisco's State of AI Security findings that AI attack vectors have moved from theoretical to operational.
  17. 2026-05-09 / NEWSScan of 1 Million Exposed AI Services Reveals Dire Security — No Auth, Hardcoded Keys, Root AccessThe Hacker News reports on a large-scale scan using certificate transparency logs that found over 1 million exposed AI services with catastrophic security hygiene. Many deployments had no authentication (disabled by default), hardcoded credentials, API keys in plaintext, and applications running as root. Claude-powered chatbots were found leaking API keys; n8n and Flowise agent platforms were internet-exposed without auth.
  18. 2026-05-08 / AGENTSThe Hacker News: 2026 Declared 'Year of AI-Assisted Attacks' — Autonomous Agents in 1 of 8 AI-Related BreachesThe Hacker News reports AI-enabled attacks rose 89% year-over-year in 2026, with autonomous agents now accounting for 1 in 8 AI-related breaches. The analysis highlights a shift from AI as a tool for existing attack workflows to AI agents operating as independent threat actors conducting reconnaissance, lateral movement, and data exfiltration with minimal human guidance.
  19. 2026-05-08 / AGENTSThe Hacker News: 1 Million Self-Hosted AI Services Scanned — Exposed Chat Histories, Credentials, and Free ComputeA large-scale internet scan found approximately 1 million exposed AI services across 2 million hosts, revealing weak defaults in self-hosted LLM infrastructure. Exposed conversational logs and tooling leak operational strategy, credentials, and PII, while also providing free compute for model abuse and safety bypass attempts. The pattern of rapid self-hosted AI adoption with immature deployment hardening is creating infrastructure easier to exploit than many legacy services.
  20. 2026-05-06 / AGENTSThe Hacker News: AI Agents Already Inside the Perimeter — 80% of Fortune 500 Deployed Agents, Only 10% Have GovernanceAI agents are being spun up across business units, embedded in SaaS platforms, and built in-house faster than enterprises can govern them. More than 80% of Fortune 500 companies now have active AI agents built with low-code/no-code tools, yet only 10% have a clear management strategy. Unlike traditional software, agents run continuously, span multiple applications, acquire permissions opportunistically, and generate activity at machine speed.
  21. 2026-05-05 / NEWSThe Hacker News: 2026 Is the Year of AI-Assisted Attacks — Exploits Arriving Before PatchesCiting Mandiant's M-Trends 2026 report, The Hacker News reports that 28.3% of CVEs are now exploited within 24 hours of disclosure, with AI-powered reconnaissance and exploit generation compressing the attacker advantage window. The piece frames 2026 as a structural inflection where AI-assisted attacks outpace human-speed patching cycles, making automated defense mandatory.
  22. 2026-05-03 / TOOLSnginx-ui MCP Integration CVE-2026-33032: CVSS 9.8 Authentication Bypass Enables Full Server TakeoverA critical authentication bypass in nginx-ui's MCP integration (codenamed MCPwn by Pluto Security) allows unauthenticated attackers to execute arbitrary commands on any nginx server running the MCP plugin. CVSS score of 9.8 reflects the zero-interaction attack path — no credentials needed, full server compromise. This is actively being exploited in the wild and represents the first confirmed weaponization of an MCP integration vulnerability.
  23. 2026-05-02 / SKILLSLiteLLM CVE-2026-42208: Pre-Auth SQL Injection in AI Gateway Exploited Within 36 Hours — CVSS 9.3, Upstream Provider Keys at RiskA critical pre-authentication SQL injection in LiteLLM (22K+ GitHub stars), the open-source LLM proxy used as a gateway to OpenAI/Anthropic/AWS, was exploited in the wild within 36 hours of disclosure. The attacker targeted litellm_credentials tables containing upstream provider API keys with five-figure monthly spend caps. A single compromised row often holds OpenAI org keys, Anthropic workspace admin credentials, and AWS Bedrock IAM tokens — making this closer to cloud-account compromise than typical SQLi.
  24. 2026-04-30 / AGENTSMCP STDIO Transport RCE: 11 CVEs Across 7,000+ Vulnerable Servers and 150M+ Package DownloadsOX Security researchers disclosed a critical architectural flaw in Anthropic's Model Context Protocol STDIO transport that enables arbitrary command execution via configuration-to-command injection. The vulnerability affects 11 distinct projects including LiteLLM (CVE-2026-30623, patched), Agent Zero (CVE-2026-30624), and Flowise (CVE-2026-40933), with implementations across Python, TypeScript, Java, and Rust. Over 7,000 publicly accessible servers and packages totaling 150M+ downloads are affected. The design flaw allows MCP tool invocations to execute arbitrary OS commands through the STDIO interface, returning error messages after execution regardless of server validity.
  25. 2026-04-29 / SKILLSMicrosoft Patches Entra ID Agent Administrator Role Flaw: New AI-Agent-Focused Role Enabled Full Tenant Takeover via Service Principal Credential InjectionSilverfort discovered that Microsoft's new Agent ID Administrator built-in role — introduced for managing AI agent identity lifecycle — could take over arbitrary service principals beyond agent-related identities by adding attacker-controlled credentials. An attacker with this role could enumerate high-privilege service principals via Graph API, claim ownership of non-agent principals, inject credentials, then authenticate as those principals with their elevated permissions. Microsoft patched across all cloud environments on April 9 after responsible disclosure on March 1; about 99% of business networks have at least one privileged service principal, and over half of companies studied already use agent identities.
  26. 2026-04-28 / DISPATCHSelf-Propagating npm Supply Chain Worm Steals Developer Tokens via Decentralized C2 ChannelSecurity researchers tracked the 'CanisterSprawl' campaign — a self-propagating npm supply chain worm that uses Internet Computer Protocol (ICP) canisters as a decentralized, resilient command-and-control channel. The worm collects tokens, API keys, SSH keys, cloud credentials, CI/CD secrets, and LLM platform keys, then uses stolen npm publish tokens to republish poisoned package versions. Between April 21-23, three distinct attacks hit npm, PyPI, and Docker Hub simultaneously, affecting developer environments and CI/CD pipelines.
  27. 2026-04-27 / SKILLSVercel Breached via Context AI OAuth Supply Chain: Employee Granted 'Allow All' Permissions to Third-Party AI Tool, Attacker Pivoted to Customer Environment VariablesA Vercel employee signed up for Context AI's 'AI Office Suite' using their enterprise Google Workspace account with full OAuth permissions. When Context AI was compromised in March, attackers used the token to access the employee's Vercel account, then enumerated and decrypted non-sensitive environment variables. Vercel says 'hundreds of users across many organizations' may be affected, though variables marked 'sensitive' were not accessed. The breach demonstrates how third-party AI tool OAuth grants create lateral movement paths in enterprise environments.
  28. 2026-04-25 / SKILLSCVE-2026-33626: LMDeploy Vision-Language SSRF Exploited Within 13 Hours — Attackers Accessed AWS IMDS, Port-Scanned Internal NetworksA CVSS 7.5 SSRF vulnerability in LMDeploy's load_image() function was weaponized within 12 hours 31 minutes of GitHub disclosure. Attackers used the vision-language image loader as a generic HTTP SSRF primitive to port-scan internal networks behind model servers — targeting AWS IMDS, Redis, MySQL, HTTP admin interfaces, and OOB DNS endpoints in a single 8-minute session. Vision-LLM nodes typically run on GPU instances with broad IAM roles, making one successful IMDS fetch sufficient to compromise a cloud account. Patch or restrict network access to any LMDeploy deployment immediately.
  29. 2026-04-25 / TOOLSPattern: MCP Supply Chain Risk Materializes — STDIO Transport Enables RCE at Ecosystem ScaleCVE-2026-30623 exposed a design-level flaw in MCP's stdio transport: any server configured with transport:stdio can execute arbitrary commands on the host. With 150M+ SDK downloads and 200K+ deployed servers, this isn't one vendor's bug — it's a class of vulnerability in the protocol's most common transport. The Hacker News and security press coverage (OX Security, PipeLab, Pomerium) signals MCP security is now a first-class concern. Expect: command allowlists becoming standard, enterprises requiring streamable-http transport over stdio.
  30. 2026-04-23 / AGENTSFlowise CVE-2025-59528 Under Active In-the-Wild Exploitation — Third Critical AI Agent Builder Flaw with 12,000+ Exposed InstancesVulnCheck confirmed the first in-the-wild exploitation of CVE-2025-59528 (CVSS 10.0) in Flowise, an open-source AI agent builder with 12,000+ internet-exposed instances. The flaw allows unauthenticated RCE through the CustomMCP node, which executes user-provided JavaScript without validation, granting access to child_process and fs with full Node.js privileges. Initial attacks originated from a single Starlink IP. This is Flowise's third exploited CVE, compounding the separate CVE-2026-40933 MCP adapter flaw. The pattern of AI agent builders shipping with dangerous code execution defaults is now a confirmed attack surface.
  31. 2026-04-22 / AGENTSOX Security Exposes Architectural MCP Design Flaw Enabling RCE Across 150M+ Downloads and 200K Servers — Anthropic Declines to FixOX Security published an advisory on April 15 detailing a systemic vulnerability in the MCP STDIO interface: any attacker who can influence an MCP configuration can achieve arbitrary shell command execution on the host, regardless of programming language. Anthropic confirmed the behavior is by design and declined to modify the protocol, stating sanitization is the developer's responsibility. The flaw affects Claude Code, Cursor, VS Code, Windsurf, Gemini CLI, LangChain, LiteLLM, and IBM LangFlow — over 150 million downloads and up to 200,000 vulnerable server instances, with related CVEs already assigned for MCP Inspector, LibreChat, WeKnora, and Cursor.
  32. 2026-04-19 / SKILLSBrowser Extensions Are the Largest Unmanaged AI Attack Surface: 1-in-6 Enterprise Users Run AI Extensions, 60% More Likely to Have VulnerabilitiesLayerX research reveals that AI browser extensions are 60% more likely to have vulnerabilities than average extensions, 3x more likely to access cookies, 2.5x more likely to execute remote scripts, and 6x more likely to have escalated permissions in the past year. About 1-in-6 enterprise users already use at least one AI extension, and these extensions bypass traditional security controls by accessing page content, user inputs, and session data without triggering policy enforcement.
  33. 2026-04-17 / SKILLSMCPwn CVE-2026-33032: First Major MCP Exploit in the Wild — Missing Auth Middleware in nginx-ui Enables Full Server Takeover in Two HTTP RequestsPluto Security's CVE-2026-33032 (CVSS 9.8), codenamed MCPwn, became the first widely-exploited MCP vulnerability in the wild. The nginx-ui MCP integration exposed 12 MCP tools to any network attacker through a single missing middleware call on the /mcp_message endpoint — while /mcp enforced auth, /mcp_message only checked IP whitelisting. Added to VulnCheck KEV on April 13. Recorded Future ranked it 94/100 risk score and one of the 31 most-exploited CVEs of March 2026. The fix was 27 characters of code. 2,600+ instances were exposed.
  34. 2026-04-15 / PROJECTSOpenAI Launches GPT-5.4-Cyber for Defensive Security Teams — Fine-Tuned Frontier Model for Vulnerability HuntingOpenAI unveiled GPT-5.4-Cyber on April 14, a variant of GPT-5.4 fine-tuned for defensive cybersecurity, days after Anthropic's Mythos release. The model is being distributed through the expanded Trusted Access for Cyber (TAC) program to thousands of authenticated individual defenders and hundreds of security teams. It has already helped identify 3,000+ vulnerabilities in production software — this is OpenAI's clearest move yet to compete with Anthropic's security-focused Mythos deployments.
  35. 2026-04-12 / AGENTSMarimo CVE-2026-39987: Pre-Auth RCE in AI Notebook Exploited Within 10 Hours of DisclosureCritical pre-auth RCE (CVSS 9.3) in the Marimo Python notebook's terminal WebSocket endpoint /terminal/ws, which skips authentication validation entirely. Sysdig recorded the first in-the-wild exploit just 9 hours 41 minutes after advisory publication — attacker built a working exploit from the advisory alone. Compromised AI notebooks typically expose API keys for OpenAI, Anthropic, Google, and cloud credentials.
  36. 2026-04-09 / VOICESClaude Mythos Preview Discovers Thousands of Zero-Days Across Every Major OS and Browser — Autonomously Chains Linux Kernel ExploitsAnthropic's technical assessment published April 7 reveals Claude Mythos Preview autonomously identified thousands of previously unknown zero-day vulnerabilities in 'every major operating system and every major web browser,' including some undetected for decades. In Linux kernel testing, Mythos filtered 100 CVEs from 2024-2025 to 40 exploitable candidates and built privilege escalation exploits for over half, then autonomously chained multiple flaws to achieve complete machine control. Anthropic has privately warned top government officials that Mythos makes large-scale cyberattacks 'significantly more likely this year.'
  37. 2026-04-08 / AGENTSFlowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation via MCP Server Config Injection — 12,000+ Instances ExposedVulnCheck detected first in-the-wild exploitation of CVE-2025-59528 (CVSS 10.0) in Flowise's CustomMCP node, which parses user-provided mcpServerConfig strings and executes JavaScript without validation, granting access to child_process and fs with full Node.js privileges. Attacks originate from a single Starlink IP, targeting 12,000-15,000 publicly exposed instances. This is Flowise's third CVE with confirmed in-the-wild exploitation. Patched in version 3.0.6.
  38. 2026-04-05 / NEWSNorth Korean UNC1069 Hijacks Axios npm Package (100M Weekly Downloads) via Social Engineering — WAVESHAPER.V2 Backdoor DeployedOn March 31, North Korean threat group UNC1069 compromised the Axios npm package maintainer through social engineering — cloning a legitimate company founder's likeness and creating a fake Slack workspace. They published malicious versions deploying the WAVESHAPER.V2 backdoor across Windows, macOS, and Linux. The malicious versions were live for ~3 hours and downloaded by roughly 3% of Axios's ~100M weekly userbase. Google Threat Intelligence Group publicly attributed the attack on April 1.
  39. 2026-04-05 / VOICESClaude Code Leak Security Analysis: Straiker Warns Attackers Can Now Craft Targeted Prompt Injections Against Known ArchitectureAI security firm Straiker analyzed the Claude Code source leak and warned that attackers can now study exactly how data flows through Claude Code's internal context pipeline and craft payloads specifically designed to survive context compaction. 'Blind jailbreak attempts are no longer necessary when the architecture is fully documented,' the firm noted. The leak also revealed that Claude Code uses axios as a dependency — a library that was recently compromised in a supply chain attack. Combined with the 10M+ views and widespread mirroring, this creates a measurably expanded attack surface for the most popular AI coding tool.
  40. 2026-04-03 / NEWS766 Next.js Hosts Breached via CVE-2025-55182 in 24 Hours — CVSS 10.0, Mass Credential TheftCisco Talos uncovered 'UAT-10608,' a credential harvesting campaign exploiting CVE-2025-55182 (CVSS 10.0) in React Server Components and Next.js App Router that compromised 766 servers worldwide in 24 hours. Post-compromise, 91.5% of hosts leaked database credentials and 78.2% exposed SSH private keys, funneled to a C2 platform called 'NEXUS Listener.' Any builder running Next.js App Router should patch immediately — this is automated mass exploitation with a web GUI for the attackers.
Open latest cited source