9 matches found

OSSF Malicious Packages
added 2026/05/19 12:0 a.m. | 11 views

Malicious code in @antv/f-vue (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

AI score: 5.8
Exploits: 0 | References: 5
OSV
added 2026/05/19 12:0 a.m. | 6 views

MAL-2026-4041 Malicious code in @antv/l7-layers (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

AI score: 5.8
Exploits: 0 | References: 5
Fedora
added 2026/04/25 1:52 a.m. | 4 views

[SECURITY] Fedora 44 Update: goose-1.23.2-8.fc44

Goose is your on-machine AI agent, capable of automating complex development tasks from start to finish. More than just code suggestions, goose can build entire projects from scratch, write and execute code, debug failures, orchestrate workflows, and interact with external APIs - autonomously...

CVSS: 6.5 | AI score: 5.5 | EPSS: 0.00379
Exploits: 1
The Hacker News
added 2026/04/24 11:49 a.m. | 6 views

Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine

The AI Agent Authority Gap - From Ungoverned to Delegation. As discussed in our previous article, AI agents are exposing a structural gap in enterprise security, but the problem is often framed too narrowly. The issue is not simply that agents are new actors. It is that agents are delegated actors...

AI score: 6.1
Exploits: 0
EUVD
added 2026/04/08 6:17 p.m. | 1 views

EUVD-2026-20564

Zammad is a web-based open source helpdesk/customer support system. Prior to 7.0.1, a server-side template injection vulnerability which leads to RCE via AI Agent exists. Impact is limited to environments where an attacker can control or influence type_enrichment_data typically high-privilege...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.00262
Exploits: 0 | References: 1
CVE
added 2026/04/08 6:17 p.m. | 15 views

CVE-2026-34724

Zammad (web-based helpdesk) contains a server-side template injection vulnerability leading to remote code execution via the AI Agent, present before version 7.0.1. The impact is restricted to environments where an attacker can influence type_enrichment_data (typically high-privilege administrati...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.00262
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2026/02/25 12:0 a.m. | 7 views

Parse Dashboard Security Vulnerability

Parse Dashboard is an open source dashboard tool from the Parse Platform. Versions of Parse Dashboard from 7.3.0-alpha.42 to 9.0.0-alpha.7 have security vulnerabilities. These vulnerabilities stem from the lack of enforcement of authorization for the AI Agent API endpoints, which may allow...

CVSS: 9.3 | AI score: 5.8 | EPSS: 0.0022
Exploits: 0 | References: 2
Positive Technologies
added 2026/02/08 12:0 a.m. | 5 views

PT-2026-6965

Name of the Vulnerable Software and Affected Versions: OpenCode (affected versions not specified). Description: The software contains a remote code execution (RCE) issue. The RCE is triggered through command injection within JSON data sent to the AI agent. This allows for the execution of arbitrary...

CVSS: 8.7 | AI score: 6.6 | EPSS: 0.00524
Exploits: 1 | References: 7
Positive Technologies
added 2025/11/04 12:0 a.m. | 5 views

PT-2025-44999

Name of the Vulnerable Software and Affected Versions: DSPy (affected versions not specified). Description: An overly permissive sandbox configuration in DSPy can allow attackers to steal sensitive files. This occurs when users create an AI agent that processes user input and utilizes the...

CVSS: 5.9 | AI score: 6.4 | EPSS: 0.00295
Exploits: 0 | References: 3