Zenity Labs has documented attackers exploiting unpatched LiteLLM vulnerabilities and unauthenticated Ollama endpoints to run autonomous pentesting campaigns, steal compute, and exfiltrate data from victim organisations.
Zenity Labs has documented attackers exploiting unpatched LiteLLM vulnerabilities and unauthenticated Ollama endpoints to run autonomous pentesting campaigns, steal compute, and exfiltrate data from victim organisations.
A Censys scan found 12,520 publicly exposed MCP services — 40% with no authentication at all. Combined with 106 zero-days found in an automated academic scan and a CVSS 10.0 flaw in a popular MCP server, the AI agent infrastructure layer is becoming one of 2026's most under-patched attack surfaces.
Mozilla's Zero Day Investigative Network published research showing that Claude Code, Cursor, GitHub Copilot, and Gemini CLI can all be manipulated into executing attacker-controlled payloads delivered via DNS TXT records from seemingly clean GitHub repositories.
A solo researcher has documented 9,330 malicious GitHub repositories designed to poison AI coding agent sessions and deliver credential-stealing malware via blockchain-hosted C2 infrastructure.
A coordinated disclosure of 13 critical vm2 vulnerabilities in May 2026 exposed a structural problem: AI agent frameworks that use vm2 as a code execution sandbox convert a prompt injection into host-level RCE the moment the sandbox breaks. Here's the chain and what to do about it.