AI · Bearish · arXiv – CS AI · Jun 9 · 7/10
🧠 Researchers demonstrate a novel data poisoning attack targeting world models used in robot learning pipelines, showing how malicious prompts or dynamics hidden in training data can be activated only when processed through world models to generate unsafe robotic policies. The attack bypasses traditional safety measures by appearing benign in ground truth datasets while compromising downstream robot learning systems, affecting both action-conditioned and text-conditioned models.
AI · Bearish · Ars Technica – AI · Jun 8 · 7/10
🧠 Microsoft-packaged software repositories were compromised for the second time in weeks with 73 malicious packages containing credential-stealing malware that automatically executes when opened by AI agents. This represents a significant supply chain vulnerability affecting automated development workflows and highlights growing threats to AI-driven software development practices.
Crypto · Bearish · crypto.news · Jun 3 · 7/10
⛓️ Microsoft has identified two malicious npm packages that distribute remote access trojan (RAT) malware capable of stealing cryptocurrency wallet credentials, screenshots, and keystrokes through Hugging Face infrastructure. The discovery highlights a critical supply chain vulnerability in JavaScript development ecosystems that directly threatens crypto users and developers.
🏢 Hugging Face
AI × Crypto · Bearish · CoinDesk · May 29 · 7/10
🤖 A sophisticated supply chain attack dubbed TrapDoor targeted developers across crypto, DeFi, AI, and security sectors by distributing malicious packages designed to steal wallet credentials, SSH keys, GitHub tokens, and cloud credentials. The campaign demonstrates escalating risks in open-source development ecosystems where attackers exploit developer trust to compromise both individual assets and organizational infrastructure.
$APT $SOL
AI · Bearish · arXiv – CS AI · May 28 · 7/10
🧠 Researchers identified 76 confirmed malicious AI agent skills across major marketplaces, with 13.4% of 3,984 analyzed skills containing critical security vulnerabilities. The findings highlight urgent risks as AI agents gain access to sensitive credentials and systems, with malicious payloads still publicly available on platforms like clawhub.ai.
AI · Bearish · arXiv – CS AI · May 28 · 7/10
🧠 Researchers have discovered SeedHijack, a supply-chain attack that compromises LLM watermarking schemes by hijacking the pseudo-random number generator (PRNG) used in watermark implementation. The attack amplifies watermark signals while remaining undetectable by current defense mechanisms, exposing a critical vulnerability in cryptographic content-provenance systems that assumed PRNG trustworthiness.
Crypto · Bearish · U.Today · May 25 · 7/10
⛓️ SlowMist, a blockchain security firm, has identified a sophisticated 'TrapDoor' virus executing a cross-registry supply chain attack targeting developers in Solana, DeFi, and AI sectors to steal private keys. The campaign demonstrates evolving threats beyond traditional exchange hacks, directly compromising developer wallets and private key infrastructure.
$SOL
AI · Bearish · arXiv – CS AI · May 12 · 7/10
🧠 Researchers demonstrate SeedHijack, a supply-chain attack exploiting pseudorandom number generators in LLM sampling to inject arbitrary tokens without modifying model weights, achieving 99.6% success rates across multiple models. A quantum random number generator-based defense is proposed that neutralizes the attack with minimal performance overhead.
AI · Bearish · arXiv – CS AI · May 1 · 7/10
🧠 Researchers demonstrate a novel attack that steals sensitive secrets (API keys, personal identifiers, financial records) from locally fine-tuned language models by embedding malicious code in model architectures. The attack achieves over 98% success rate and bypasses current defense mechanisms including differential privacy and code auditing, exposing a critical supply-chain vulnerability in AI model development.
Crypto · Neutral · crypto.news · Apr 20 · 7/10
⛓️ Binance confirmed that user funds and platform security remain intact following a $2 million data breach at Vercel, a cloud hosting platform widely used by crypto projects for front-end deployment. The incident highlights the vulnerability of Web3 infrastructure to supply chain attacks through third-party service providers.
$XRP
DeFi · Bearish · Protos · Apr 20 · 7/10
💎 Vercel, a popular deployment platform for web applications, suffered a security breach that exposed its internal systems to attackers. The incident poses significant risk to DeFi platforms built on Vercel's infrastructure, as attackers could potentially inject malicious code into Next.js applications, threatening user funds across the ecosystem.
AI × Crypto · Bearish · CoinDesk · Apr 20 · 7/10
🤖 Vercel, a critical infrastructure provider for web3 applications, experienced a security breach involving a compromised AI tool that potentially exposed API credentials used by crypto developers. The incident threatens the security of frontend applications that connect blockchain wallets to trading interfaces and backend services.
DeFi · Bearish · Blockonomi · Apr 5 · 7/10
💎 Resolv protocol suffered a $25M loss when attackers minted 80M USR tokens illegally by compromising their off-chain signing infrastructure through a contractor's compromised GitHub credentials. The attack occurred on March 22, 2026, with approximately 46M of the illicitly minted tokens later neutralized through burns and blacklisting measures.
Crypto · Bearish · crypto.news · Mar 17 · 7/10
⛓️ A Chinese hacker group disguised as a cybersecurity firm has stolen $7 million through supply-chain attacks targeting crypto wallets including Trust Wallet. The operation was exposed after an internal dispute led to a whistleblower leak revealing their methods and targets.
AI · Neutral · OpenAI News · Apr 10 · 6/10
🧠 OpenAI disclosed and responded to a supply chain attack targeting its Axios developer tool by rotating macOS code signing certificates and updating affected applications. The company confirmed that no user data was compromised in the incident, demonstrating both the vulnerability of developer tools in software ecosystems and the importance of rapid security response protocols.
🏢 OpenAI