Tag: supply chain

How the Google Gemini CLI Flaw Turned CI/CD Pipelines into Remote Code Execution Risk

Artificial Intelligent, DevOps and Infrastructure, Hacking and Exploits, Web Development Leave a comment
How the Google Gemini CLI Flaw Turned CI/CD Pipelines into Remote Code Execution Risk

A critical remote code execution (RCE) vulnerability in the Google Gemini CLI and its associated GitHub Action exposed a startling weakness in how AI tooling can interact with developer infrastructure. Rated with the maximum CVSS score of 10.0, the bug allowed unprivileged external actors to execute commands on the machines running CI/CD workflows. This wasn’t a prompt-injection trick against a

Continue

Anthropic’s MCP Design Flaw: How a Protocol-Level Vulnerability Enables Remote Code Execution at Scale

Artificial Intelligent, Data Breach Leave a comment
Anthropic’s MCP Design Flaw: How a Protocol-Level Vulnerability Enables Remote Code Execution at Scale

A critical architectural flaw in Anthropic’s Model Context Protocol (MCP) ecosystem has exposed a vast number of downstream systems to remote code execution (RCE) risks. Researchers at OX Security found the issue embedded across official MCP SDKs for Python, TypeScript, Java, and Rust — meaning developers building on MCP inherit the vulnerability by design rather than through a simple coding

Continue

Accio and Alibaba: How AI Is Rewiring Sourcing for Small Online Sellers

Artificial Intelligent Leave a comment
Accio and Alibaba: How AI Is Rewiring Sourcing for Small Online Sellers

When Mike McClary decided to revive a discontinued flashlight that had once been one of his best sellers, he didn’t dust off the old supplier spreadsheet or spend weeks emailing factories. Instead, he opened Accio, an AI-powered sourcing assistant on Alibaba.com, and started a conversation. Within weeks he had a redesigned product, a recommended factory in Ningbo, and a projected

Continue

Supply-chain alert: axios NPM package poisoned to deliver WAVESHAPER.V2 backdoor

Web Development Leave a comment
Supply-chain alert: axios NPM package poisoned to deliver WAVESHAPER.V2 backdoor

A high-risk software supply chain attack has poisoned widely used axios npm releases, turning routine installs into a cross-platform compromise. Developers, CI/CD systems, and production pipelines that pulled the tainted axios versions (1.14.1 and 0.30.4) risked silently receiving a multi-stage backdoor that targeted Windows, macOS, and Linux hosts. Because axios sits deep in many dependency trees, a single malicious release

Continue

AstraZeneca Allegedly Targeted by LAPSUS$ — Claims of a 3GB Internal Data Dump

Cloud Computing, Compliance and Privacy, Data Breach Leave a comment
AstraZeneca Allegedly Targeted by LAPSUS$ — Claims of a 3GB Internal Data Dump

A known hacking collective identifying as LAPSUS$ has posted claims that it obtained and is attempting to sell a 3GB .tar.gz archive allegedly containing AstraZeneca internal data. As of the reports dated March 20, 2026, AstraZeneca had not issued a public statement confirming or denying the claim. What the threat actors presented The actors published teasers and screenshots on breach

Continue