Bash is a tool tracked across 16 threat clusters and 17 intelligence report mentions on ThreatCluster. First observed November 27, 2025; most recent activity July 1, 2026.
A cyber campaign attributed to the threat actor INJ3CTOR3 is targeting FreePBX systems, deploying a new PHP webshell named JOMANGY. This operation utilizes a six-layer persistence mechanism to maintain control over…
A Linux user attempted to use OpenAI's Codex AI agent for incident response during a cyberattack but faced significant challenges. The user was unaware that at least two threat actors had compromised their system,…
A survey by Adversa AI revealed a critical shell injection vulnerability, named GuardFall, in 10 out of 11 popular open-source AI agents. This flaw allows attackers to bypass command filters, potentially leading to…
BeyondTrust has issued a warning regarding a critical remote code execution (RCE) vulnerability in its Remote Support and Privileged Remote Access software. The flaw, tracked as CVE-2026-1731, allows unauthenticated…
Security researchers discovered a critical vulnerability in three AI agents integrated with GitHub Actions: Anthropic's Claude Code Security Review, Google's Gemini CLI Action, and Microsoft's GitHub Copilot. The…
The Shai Hulud worm has compromised more than 26,000 public repositories in a supply chain attack. The attack targeted various npm packages, exploiting vulnerabilities that allowed unauthorized access to these…
Researchers from Mozilla's 0DIN have demonstrated a new attack vector that allows AI coding agents, specifically Anthropic's Claude Code, to execute malicious payloads from seemingly benign GitHub repositories. The…
Microsoft has identified a new exploit chain named AutoJack that allows attackers to achieve remote code execution (RCE) through web-enabled AI agents, specifically targeting AutoGen Studio. The exploit leverages three…
On March 31, 2026, Anthropic inadvertently exposed the entire source code of its AI tool, Claude Code, by including a 59.8 MB source map file in a public npm package. This leak, caused by human error, allowed access to…
Recent research by Cisco Talos reveals that attackers are increasingly leveraging native macOS features to execute code and move laterally within enterprise environments. With over 45% of organizations now using macOS,…