Anthropic Officially Launches Project Glasswing — $100M Commitment, 12 Partners, Thousands of Zero-Days Found 2026-04-23 Security / AI CVEs / Research
Comment and Control — Prompt Injection Leaks Secrets in Three AI Coding Agents 2026-04-23 Security / AI CVEs / Research
LiteLLM PyPI Compromised — Multi-Stage Credential Stealer in 3M-Download Package 2026-04-23 Security / AI CVEs / Research
Lovable — BOLA Exposes AI Chat Histories and Database Credentials in Vibe Coding Platform 2026-04-23 Security / AI CVEs / Research
npm CanisterWorm — Self-Spreading Supply-Chain Attack Targets AI Agent Tooling 2026-04-23 Security / AI CVEs / Research
NVIDIA — Indirect AGENTS.md Injection in OpenAI Codex via Malicious Dependencies 2026-04-23 Security / AI CVEs / Research
Red Hat RHEL AI — Two InstructLab CVEs: Path Traversal & trust_remote_code RCE 2026-04-23 Security / AI CVEs / Research
Anthropic MCP Design Flaw Enables RCE Across the AI Ecosystem 2026-04-22 Security / AI CVEs / Research
Apache ActiveMQ CVE-2026-34197 — Claude Discovers 13-Year-Old RCE in 10 Minutes 2026-04-22 Security / AI CVEs / Research
Brex — CrabTrap Open-Source LLM-as-a-Judge Proxy for AI Agent Security 2026-04-22 Security / AI CVEs / Research
CSA Survey — 82% of Enterprises Have Unknown AI Agents in Their Environments 2026-04-22 Security / AI CVEs / Research
CVE-2026-26144: Excel XSS Chains to Copilot Agent for Silent Data Exfiltration 2026-04-22 Security / AI CVEs / Research
MCPwn: Actively Exploited nginx-ui Auth Bypass (CVE-2026-33032) 2026-04-22 Security / AI CVEs / Research
Pillar Security — Google Antigravity Sandbox Escape via Prompt Injection 2026-04-22 Security / AI CVEs / Research
CERT — CVE-2026-5752 Terrarium Sandbox Escape via Pyodide Prototype Chain Traversal 2026-04-22 Security / AI CVEs / Research
Hacktron — Claude Opus Builds Full Chrome Exploit Chain for $2,283 2026-04-21 Security / AI CVEs / Research
Gartner — Agentic AI Will Trigger Security Incidents at Scale 2026-04-21 Security / AI CVEs / Research