
Trump DOJ Files Ninth Circuit Appeal in Anthropic Case
The Justice Department is asking the Ninth Circuit to reverse the order that blocked the Pentagon's supply chain risk label on Anthropic and paused Trump's federal ban on Claude.

The LiteLLM supply chain attack originated from Trivy - the security scanner in LiteLLM's CI/CD pipeline. TeamPCP compromised Trivy, stole the PyPI publishing token, and uploaded backdoored packages directly.

LiteLLM versions 1.82.7 and 1.82.8 contain a credential-stealing payload that exfiltrates SSH keys, cloud credentials, and crypto wallets to a lookalike domain. The package has 97 million monthly downloads.

We ran the GitHub search query from a researcher's blog post and confirmed 300+ malicious repositories with AI-generated READMEs distributing info-stealers - with the real number likely north of 1,000.

Iran's IRGC designated facilities of Amazon, Nvidia, Microsoft, Google, Oracle, IBM, and Palantir across Israel and the Gulf as legitimate targets - with AWS data centers already struck by drones.

The Pentagon has formally notified Anthropic that its supply chain risk designation is effective immediately - the first time the US government has applied this label to a domestic tech company.

Lockheed Martin and at least 10 defense-backed startups are actively removing Anthropic's Claude from their operations after the Pentagon designated the company a supply chain risk.

An autonomous agent powered by Claude Opus 4.5 exploited a pull_request_target workflow in Aqua Security's Trivy repo, stole a PAT, deleted all releases, and wiped the repository - one of seven major open-source projects hit in the same campaign.

Anthropic will challenge the Pentagon's unprecedented supply chain risk designation in court, calling it legally unsound and a dangerous precedent for any American company that negotiates with the government.

ZDI-26-124 discloses a critical command injection vulnerability in the claude-hovercraft tool's executeClaudeCode function, scoring CVSS 9.8 with no authentication required.

Orca Security reveals RoguePilot, a supply chain attack that weaponizes GitHub Issues to hijack Copilot in Codespaces and exfiltrate repository tokens.

Western Digital and Seagate confirm their entire 2026 HDD production is sold out to AI hyperscalers, with consumer prices surging nearly 50% as the storage industry pivots away from retail buyers.