Every incident your team
needs to know. Every week.
Every Wednesday: the top AI security incidents, organized by category (Vulnerability, AI Security, Supply Chain, Major Breach), with RuntimeAI's take on what your team should do about each.
Subscribe to AI Security Weekly
11 incidents. The Klue OAuth supply-chain breach swallowed the security industry: LastPass, BeyondTrust, Snyk, HackerOne, and Tanium were breached through stolen OAuth tokens, with no CVE involved. ShinyHunters walked into Medtronic, Wynn, and 7-Eleven the same way. Also: a Mastra npm backdoor targeting AI agents, Texas Parks & Wildlife losing 3M via a vendor, three CVSS 10.0 flaws in Ubiquiti UniFi, a Cisco Unified CM SSRF, and Splunk's first-ever zero-day on the CISA KEV.
12 incidents. Cisco ISE unauthenticated-to-root RCE and a Catalyst SD-WAN zero-day added to the CISA KEV with no patch available. Fortinet FortiSandbox under active attack. Microsoft's record 200+ CVE Patch Tuesday, including a Defender zero-day. "Agentjacking" hijacks Claude Code and Cursor via Sentry. Also: SAP SAML bypass, Joomla JCE CVSS 10.0, Klue OAuth Salesforce data theft, and SpyCloud's report of 18.1M exposed API keys.
10 incidents. A University of Toronto self-replicating AI worm runs on local open-weight models, with no cloud API required. LiteLLM CVE-2026-42271, on the CISA KEV, chains to an unauthenticated CVSS 10.0 RCE. Claude Fable 5 and Mythos 5 ship with mandatory 30-day data retention. An AI agent is demonstrated leaking real credentials via phishing. ShinyHunters' Oracle PeopleSoft campaign hits 100+ orgs. OWASP: prompt injection still drives most agentic failures.
13 incidents. Claude Code GitHub Actions prompt injection hijacks repos via a single malicious issue. An LLM agent deployed post-exploitation inside a compromised environment. The Red Hat Miasma worm backdoors 32 official npm packages, targeting Kubernetes and Vault credentials. HTTP/2 Continuation Flood hits NGINX, Apache, IIS, Envoy, and Cloudflare simultaneously. Cisco SD-WAN CVSS 10.0 zero-day. Windows Netlogon domain controller RCE. Frost Bank, Slim CD, and DentaQuest: 2.6M affected combined.
10 incidents, 3 critical. GreyVibe used ChatGPT and Gemini as structured kill-chain infrastructure. A malicious npm package harvested Claude API credentials. GitHub lost 4,000+ repos to a stolen personal access token (PAT). Carnival and Charter exposed 48M+ combined consumer records. Every frontier model failed multi-turn adversarial testing. Verizon DBIR: exploit-based initial access hits 31%, the highest ever recorded.
Your supply chain is your attack surface. A malicious npm package reached OpenAI's internal toolchain via TanStack Query. GitHub's OAuth flow was exploited to clone 4,000 private repos. CISA accidentally published AWS GovCloud credentials. Plus: a GPT-4o jailbreak served live malware, agentic AI frameworks were found vulnerable three ways over, and enterprise LLM deployments leaked system prompts at scale.
Pattern of the week: forgotten access. ShinyHunters hit Zara: 197,000 records exposed via an API key Inditex gave a vendor and never revoked, 11 months stale. Plus: TrustFall RCE in Claude Code, Cursor, Gemini CLI, and Copilot CLI; persistent OAuth token theft via Claude Code MCP; NVIDIA NemoClaw sandbox exfiltration; OpenLoop Health 716K patient records; Foxconn Nitrogen ransomware; and banks overlooking AI risk at the database layer.
13 incidents: a Palo Alto PAN-OS zero-day RCE exploited before a patch existed, a Canvas breach of 275M student records during finals week, Windows Defender CVE-2026-33825, DPRK AI-generated npm malware, a WatchGuard Firebox zero-day, and 1 million AI service endpoints exposed with no authentication.
SAP npm packages hit by a self-propagating supply-chain worm stealing CI/CD secrets. A hardcoded ClickUp API key exposed enterprise and government orgs for over a year. A Microsoft SharePoint zero-day actively exploited on 1,300+ servers. Medtronic loses 9M records. ADT: 5.5M records exposed through an SSO compromise.
A CVSS 10 RCE in Gemini CLI lets attackers inject commands through malicious repositories. A LiteLLM CVE actively exploited in the wild. Cursor IDE exposed to arbitrary code execution. VS Code Copilot co-author injection confirmed. Six incidents that escalate the agentic attack surface.
An MCP RCE design flaw. Claude Mythos discovers 271 Firefox zero-days autonomously. Prompt injection escalating to code execution in developer IDEs. Microsoft and Salesforce emergency data-leak patches. The CSA issues a formal CISO advisory on the post-Mythos exploit storm.
824 malicious OpenClaw skills. A $10B startup breached through a 40-minute PyPI exposure window. Microsoft's own MCP server shipped with no authentication. This is the week AI agent security became everyone's problem.