
Miasma Worm Compromises 73 Microsoft GitHub Repos
Miasma worm planted config files that auto-execute credential theft when developers open Microsoft Azure repos in Claude Code, Gemini CLI, Cursor, or VS Code.
They summarize our coverage. We write it.
Newsletters like this one rebroadcast our headlines - often without the full review, the source reading, or the analysis underneath. Our weekly briefing sends the work they paraphrase, straight from the desk, before they get to it.
Free, weekly, no spam. One email every Tuesday. Unsubscribe anytime.

Miasma worm planted config files that auto-execute credential theft when developers open Microsoft Azure repos in Claude Code, Gemini CLI, Cursor, or VS Code.

OpenAI's new Lockdown Mode cuts the network exits that prompt injection attacks use to steal data from ChatGPT - but won't stop malicious instructions from entering the model in the first place.

Anthropic analyzed 832 banned accounts over 12 months and found AI-assisted threat actors grew from a third to more than half of all high-risk cases.

Anthropic expands Project Glasswing to 150 organizations across 15 countries, with Claude Mythos Preview surfacing 10,000 high-severity vulnerabilities since April.

IBM and Red Hat's Project Lightwell deploys 20,000 engineers and AI to patch open source vulnerabilities against exact deployed versions - no forced upgrades, commercial subscription model.

Iranian IRGC-linked group Nimbus Manticore used AI coding tools to build a new backdoor during the US-Iran conflict, targeting aviation and software firms across three campaign waves.

Three new papers reframe how we measure agent efficiency, defend agent memory from poisoning attacks, and calculate hard accuracy ceilings for transformers.

TeamPCP stole 3,800 GitHub internal repos via a malicious Nx Console update live for just 11 minutes, tracing back to the TanStack supply chain compromise.

Trump scrapped a White House AI executive order signing ceremony at the last minute, citing concerns about US competitiveness - even as Anthropic Mythos and OpenAI's GPT-5.5-Cyber showed AI can now find and exploit zero-days at scale.

Ten offensive security tools ranked by AI integration depth - from Burp Suite and Legba to Nuclei, Ghidra, Hashcat, BloodHound CE, and Metasploit.

Google's Threat Intelligence Group confirmed criminals used an AI model to discover and weaponize a zero-day 2FA bypass - the first documented case of AI-generated exploitation in a real attack campaign.

OpenAI's Daybreak initiative packages GPT-5.5 and Codex Security into a managed cybersecurity program with 20+ partners - a direct answer to Anthropic's Project Glasswing.