Microsoft

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...
TMCnet

Permiso Security Launches SandyClaw, the First Dynamic Sandbox for AI Agent Skills

Permiso Security, the unified identity security platform, today announced SandyClaw, the first dynamic analysis platform for AI agent skills. SandyClaw executes skills in a sandboxed environment, ...
SecurityWeek

CrewAI Vulnerabilities Expose Devices to Hacking

Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...

ThreatDown Uncovers First Cyber Attack Abusing Deno JavaScript Runtime for Fileless Malware Delivery

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be ...

Sysdig Launches Runtime Security for AI Coding Agents

Sysdig, the leader in real-time AI-powered cloud defense, today announced runtime security for AI coding agents, enabling ...
The Hacker News

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

8 Hidden Agent Features Exposed in the Recent Claude Code Source Code Leak

The Claude Code leak details the cloud.md memory system and MCP extensibility, including multi-agent coordination and hidden ...

RSAC 2026 shipped five agent identity frameworks and left three critical gaps open

CrowdStrike, Cisco, Palo Alto Networks, Microsoft and Cato CTRL all shipped agent identity frameworks at RSA Conference 2026 ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

OpenClaw has 500,000 instances and no enterprise kill switch

OpenClaw has reached 500,000 internet-facing instances with three unpatched high-severity CVEs, no enterprise kill switch, ...