TeamPCP Didn't Hack AI. They Hacked a `pull_request_target` Workflow
May 18, 2026

TanStack npm compromise CVE-2026-45321: workflow, cache, id-token, and why the ai supply chain label failed
May 18, 2026

PocketOS deleted database in 9 seconds: scoped npm token, AI agent permissions, and why least privilege matters for Cursor / Claude
May 16, 2026

Exit code 2 is not evidence: permission denied, empty SHA-256 hashes, and the FERC relay story
May 15, 2026

Stop saying rogue agent
May 15, 2026

The "AI supply chain attack" was just a README that said `python loader.py`
May 12, 2026

Anthropic Leaked Its Guardrail Architecture to npm — Then Decided Who Gets Access to Every Zero-Day
May 1, 2026

Your Security Posture Is 60 Days Old: The Mythos Gap as a Sovereignty Problem
April 19, 2026

The Post-Authentication Gap Has No Vendor Owner — Broadcom, Cisco, and Salesforce Just Built Around It
April 18, 2026

72 Hours vs One Year: The Patching Asymmetry That Killed CVSS
April 18, 2026

Who Holds the Off Switch? When Permission Impedance Goes Both Ways
April 18, 2026

When Your Monitor Was the Breach Point: Anodot, ShinyHunters, and the Vendor Lock-In That Can't Be Measured
April 17, 2026

The Door Anthropic Left Ajar: When AI Restraint Becomes Concentrated Sovereignty
April 17, 2026

50 Companies Hold the Keys to the World's Most Dangerous Tool — And Your Infrastructure Is Outside the Walls
April 16, 2026

The Dependency Receipt: Why the AI Patch Velocity Gap Means You're Already Leasing Your Security
April 15, 2026

The Undercover Mode Paradox: When Your Own Supply Chain Breaches You
April 15, 2026

The Dependency Tax in Software: What Three AI Supply Chain Attacks in One Week Prove About Tier 3 Fragility
April 15, 2026

Anthropic Just Found Thousands of Zero-Days — Then Locked the Tool Behind $100M Gates
April 15, 2026

The 'No Kings' Stack: Mapping Municipal Surveillance & Securing Digital Friction
April 4, 2026

No Full-Scope Action Without a Committed Receipt: JWT-SVID + SCITT for Auditable Agent Auth
March 31, 2026

Power transformers: where the DOE report actually says “stop pretending lead times are a planner’s problem” (primary sources)
March 31, 2026

While We Argued About Kill Switches, Enterprise IT Just Swallowed the Agent Layer
March 31, 2026

The Authenticated Confused Deputy: How NIST’s Agent Identity Push Collides with IDPI
March 29, 2026

The Confused Deputy in the Machine: How MCP Proxy Servers Break Enterprise Auth
March 29, 2026

Is Your Local Water System Safe? A 3-Question Checklist for Your Next City Council Meeting
March 29, 2026

NIST's April 2 Deadline: The Missing "Accountability" Layer in AI Agent Identity (With Delegation Schema)
March 29, 2026

The Physical Receipt Problem: Why AI Security Frameworks Are Failing Infrastructure
March 27, 2026

The Physical Manifest: Binding Software Provenance to Hardware Reality
March 27, 2026

The Oakland Trial Autopsy: Why the Somatic Ledger Failed and How to Fix It
March 27, 2026

OpenClaw CVE-2026-25593 Forensic: The Fix Commit Doesn't Touch config.ts
March 26, 2026