ZERO-APT: A Closed-Loop Adversarial Framework for LLM-Driven Automated Penetration Testing under Intelligent Defense

LLM-driven automated penetration testing agents are typically evaluated against static targets that neither detect nor respond to attacks, so their behavior under intelligent defense remains untested. The causal consistency of multi-step attack chains likewise hinges on unstable LLM reasoning, an...

MAL-2026-5144 Malicious code in @redhat-cloud-services/notifications-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

Protecting On-Device AI Inference: A Systematic Review of Attacks and Defence Mechanisms

The need for secure and private Artificial Intelligence AI and Machine Learning ML on edge and mobile devices has increased the necessity of protecting the architecture of these systems from threats to both security and privacy. With an ever-increasing number of pre-trained AI models being used o...

MAL-2026-4823 Malicious code in msc-terminal (npm)

Part of a multi-package malicious campaign, msc-terminal npm author nhpkevte1576 carries the same payload as eo-terminal and logger-draft — a fully-featured infostealer and remote access trojan RAT deployed via a postinstall hook. All three packages share the same C2 infrastructure and attack...

CVE-2026-42944

A flaw was found in Unbound, a Domain Name System DNS resolver. A remote attacker could trigger a heap overflow by sending specially crafted DNS reply packets. This occurs when Unbound attempts to encode multiple Name Server Identifier NSID or Extension Mechanisms for DNS EDNS Cookie options, or...

CVE-2026-42944

NLnet Labs Unbound 1.14.0–1.25.0 is affected by a heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in replies. The vulnerability requires the options (nsid, answer-cookie, pad-responses) to be enabled, and a querier can trigger the overflow by attaching...

NLnet Labs Unbound 安全漏洞

NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. There are security vulnerabilities in the version of NLnet Labs Unbound from 1.14.0 to 1.25.0. These vulnerabilities stem from the truncation of size calculations when encoding multiple NSIDs and/or DNS Cookies, as...

Detecting Offensive Cyber Agents: A Detection-In-Depth Approach

Artificial Intelligence AI agents can now orchestrate cyberattacks. This development is already increasing the speed and scale of cyber attacks, decreasing attack costs, and improving the operational autonomy of cyber capabilities. To defend against these emerging threats, actors must first devel...

From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat

Cisco Talos has uncovered a BadIIS variant -- identifiable by its embedded "demo.pdb" strings -- that functions as commodity malware. This variant is likely sold or shared among multiple Chinese-speaking cybercrime groups that operate under a malware-as-a-service MaaS model for continuous...

Malicious code in @antv/x6-vue-shape (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

MAL-2026-3881 Malicious code in @antv/f-charts (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/g6-core (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/x6-plugin-snapline (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/react-g (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

MAL-2026-4088 Malicious code in @antv/thumbnails (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/f2-canvas (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

MAL-2026-4083 Malicious code in @antv/scale (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/component (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/g-svg (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/data-samples (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...