Defense Contractors Purge Claude After Pentagon Blacklist
Lockheed Martin and at least 10 defense-backed startups are actively removing Anthropic's Claude from their operations after the Pentagon designated the company a supply chain risk.
Articles Tagged "Supply Chain Attack"
An AI Agent Just Pwned Trivy's 32K-Star Repo via GitHub Actions
An autonomous agent powered by Claude Opus 4.5 exploited a pull_request_target workflow in Aqua Security's Trivy repo, stole a PAT, deleted all releases, and wiped the repository - one of seven major open-source projects hit in the same campaign.
Anthropic Sues Pentagon Over Supply Chain Blacklist
Anthropic will challenge the Pentagon's unprecedented supply chain risk designation in court, calling it legally unsound and a dangerous precedent for any American company that negotiates with the government.
CVSS 9.8 Command Injection in Claude-Hovercraft - Another AI Tool RCE Joins the Pile
ZDI-26-124 discloses a critical command injection vulnerability in the claude-hovercraft tool's executeClaudeCode function, scoring CVSS 9.8 with no authentication required.
RoguePilot - How a Hidden Comment in a GitHub Issue Could Steal Your Entire Repository
Orca Security reveals RoguePilot, a supply chain attack that weaponizes GitHub Issues to hijack Copilot in Codespaces and exfiltrate repository tokens.
Hard Drives Are Sold Out for 2026: AI Data Centers Have Bought Everything
Western Digital and Seagate confirm their entire 2026 HDD production is sold out to AI hyperscalers, with consumer prices surging nearly 50% as the storage industry pivots away from retail buyers.
OpenClaw Has 130 Security Advisories and Counting. How Did We Get Here?
OpenClaw's GitHub security advisories jumped from ~90 to 130 in 48 hours. With 40,000+ exposed instances, a poisoned plugin marketplace, and malware targeting Mac Minis, the most popular personal AI agent is also the most dangerous.
The #1 Skill on OpenClaw's Marketplace Was Malware: Inside the ClawHub Supply Chain Attack
1,184 malicious skills were found on OpenClaw's ClawHub marketplace - stealing SSH keys, crypto wallets, browser passwords, and opening reverse shells. One attacker uploaded 677 packages alone. The #1 ranked skill had 9 vulnerabilities and was downloaded thousands of times.
RAMmageddon: AI's Hunger for Memory Chips Is Starving the Rest of the Tech Industry
AI data centers now consume 70% of global memory production, triggering price surges, product delays, and warnings of manufacturer bankruptcies across consumer electronics.
Cline CLI Compromised: Hijacked npm Package Silently Installed OpenClaw on Developer Machines
A compromised npm publishing token allowed an attacker to push a malicious version of the Cline CLI that silently installed OpenClaw via a postinstall script. The incident was caught and fixed within hours.
