Microsoft attributes the Mastra AI npm supply chain attack to Sapphire Sleet, a North Korean state actor: 144 packages backdoored via a hijacked contributor account, targeting LLM API keys, cloud credentials, and cryptocurrency wallets.
Microsoft attributes the Mastra AI npm supply chain attack to Sapphire Sleet, a North Korean state actor: 144 packages backdoored via a hijacked contributor account, targeting LLM API keys, cloud credentials, and cryptocurrency wallets.
Johann Rehberger's DEF CON Singapore research demonstrates how indirect prompt injection chains into Microsoft Copilot's memory feature to plant a persistent backdoor — one that survives across every future session, not just the compromised one.
CVE-2026-47729 (Squidbleed) is a heap buffer overread in Squid Proxy's FTP parser, present since 1997, discovered by Anthropic's Claude Mythos Preview: it leaks users' HTTP credentials and session tokens in corporate and shared proxy environments.
Sysdig caught a threat actor using a misconfigured Ollama instance as the reasoning engine for an automated offensive pentesting framework — a significant escalation from credential theft to weaponised AI infrastructure.
Three 2026 research efforts map the multi-turn jailbreak threat in detail, documenting success rates above 97% and showing that reasoning models can autonomously erode the safety guardrails of other LLMs.