cyberscoop.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-20.
| Date Added | Resource | Topic | Excerpt |
|---|---|---|---|
| 2026-05-20 | GitHub says internal repositories were taken in poisoned VS Code extension attack | Supply Chain | Report detailing a supply chain compromise in which a poisoned Visual Studio Code extension, specifically a trojanized version of Nx Console, led to the exfiltration of GitHub's internal repositories. The incident highlights the risks of third-party developer tools: a compromised extension running inside a development environment can reach sensitive source code, credentials, and build systems. A hacking group claimed responsibility for the attack. |
| 2026-05-12 | Mini Shai-Hulud malware compromises hundreds of open-source packages in sprawling supply-chain attack | Supply Chain | Report on "mini Shai-Hulud", credential-stealing malware that compromised open-source packages including TanStack and UiPath. The malware exploits automated software publishing, bypassing two-factor authentication and carrying cryptographically valid signatures. It targets cloud infrastructure such as AWS, Google Cloud, and Kubernetes, stealing security keys and passwords via obfuscated payloads disguised as initialization modules. The campaign uses Bun for exfiltration over anonymous messaging and embeds itself in developer tools such as VS Code and Anthropic's Claude Code, highlighting weaknesses in CI/CD pipelines and developer tooling directories. |
| 2026-04-20 | Vuln in Google's Antigravity AI agent manager could escape sandbox, give attackers remote code execution | AI | Vulnerability in Google's Antigravity AI agent manager that allowed prompt injection to bypass secure mode, granting attackers remote code execution by exploiting the `find_by_name` native tool before sandbox protections engaged. The finding, made by Pillar Security and since patched, highlights the risks of unvalidated input to agentic AI, mirrors similar findings in Cursor, and emphasizes the need to move beyond sanitization controls for native tool parameters. |
| 2026-04-20 | Why the Axios attack proves AI is mandatory for supply chain security | Supply Chain | Opinion piece arguing that AI-powered security operations are made necessary by attacks such as the recent Axios supply chain compromise by North Korean threat actors. It describes how AI-driven monitoring can detect malicious code changes in real time, a crucial capability against adversaries who use AI for automated reconnaissance and evasive malware, and argues that AI is essential for matching the speed and complexity of modern threats, turning Security Operations Centers (SOCs) into agentic workflows that amplify human analysts and significantly reduce mean time to detect and respond. |
| 2026-04-13 | OpenAI's Mac apps need an update thanks to the Axios hack | Supply Chain | Report that macOS users must install the latest versions of OpenAI's Mac apps because of a supply-chain attack on the Axios JavaScript library. A North Korean hacking group (UNC1069) injected malware into Axios after compromising its lead maintainer's accounts, affecting downstream software through millions of weekly downloads. OpenAI treated its signing certificate as compromised because of a misconfiguration in its GitHub workflow, even though no evidence suggests user data was accessed or code was altered. |
| 2026-01-15 | CISA's secure-software buying tool had a simple XSS vulnerability of its own | XSS | Writeup of a cross-site scripting (XSS) vulnerability in CISA's "Software Acquisition Guide: Supplier Response Web Tool." The flaw, discovered by former OWASP leader Jeff Williams, allowed JavaScript injection and potential website defacement. CISA addressed and patched the vulnerability, but its discovery highlighted gaps in basic security testing for tools intended to promote secure software development. |