If you are using Claude Code, Codex, Gemini or any other tool for coding on your desktop, you might want to pay attention to this. https://www.trendmicro.com/zh_hk/research/26/c/axios-npm-package-compromised.html https://www.huntress.com/blog/supply-chain-compromise-axios-npm-package https://www.sophos.com/en-us/blog/axios-npm-package-compromised-to-deploy-malware I have just woke up, but apparently there has been huge supply chain attack. At the moment I'm working on threat hunting. Here is the KQL hunt query. Might be useful to someone. let TimePeriod = 3d; // Hash IOCs let AxiosIOCMD5 = dynamic([ "21d2470cae072cf2d027d473d168158c", "db7f4c82c732e8b107492cae419740ab", "7658962ae060a222c0058cd4e979bfa1", "089e2872016f75a5223b5e02c184dfec", "04e3073b3cd5c5bfcde6f575ecf6e8c1", "7a9ddef00f69477b96252ca234fcbeeb", "9663665850cdd8fe12e30a671e5c4e6f", "8c782b59a786f18520673e8d669e3b0a" ]); let AxiosIOCSHA1 = dynamic([ "2553649f2322049666871cea80a5d0d6adc700ca", "d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71", "07d889e2dadce6f3910dcbc253317d28ca61c766", "b0e0f12f1be57dc67fa375e860cedd19553c464d", "978407431d75885228e0776913543992a9eb7cc4", "a90c26e7cbb3440ac1cad75cf351cbedef7744a8", "13ab317c5dcab9af2d1bdb22118b9f09f8a4038e", "59faac136680104948e083b3b67a70af9bfa5d5e", "ae39c4c550ad656622736134035f17ca7a66a742" ]); let AxiosIOCSHA256 = dynamic([ "5bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cd", "59336a964f110c25c112bcc5adca7090296b54ab33fa95c0744b94f8a0d80c0f", "58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668", "e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09", "f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd", "617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101",

https://youtu.be/E_zDr_3V-WU

📉 The $2.77 Exploit: AI Slashes Cost of Weaponizing Vulnerabilities What happened: A new report from Booz Allen reveals that the cost to automatically generate working exploits for CVEs has dropped to as little as $2.77 using AI tools. At the same time, nearly 60% of critical vulnerabilities remain unpatched past CISA deadlines, highlighting a widening gap between attacker speed and defender response. 🔗 https://industrialcyber.co/article/booz-allen-warns-ai-driven-cyberattacks-outpace-human-driven-defenses/ 🤖 HiddenLayer Report Highlights Rise of Agentic AI Breaches What happened: The 2026 AI Threat Landscape Report shows that 1 in 8 AI-related security incidents now involve agentic systems. The report also found that 35% of AI breaches originate from malicious models in public repositories, while shadow AI usage has reached 76% across enterprises, significantly expanding the attack surface. 🔗 https://businessjournaldaily.com/ai-security-company-releases-2026-threat-report/ 🎭 ‘InstallFix’ Campaign Uses Fake Docs to Deliver Infostealers What happened: A new social engineering campaign dubbed InstallFix targets developers by cloning legitimate documentation (including AI tooling docs) and embedding malicious installation commands. Victims unknowingly execute scripts that deploy the Amatera infostealer, capable of harvesting credentials, session tokens, and browser data. 🔗 https://pushsecurity.com/blog/installfix 🆔 SpyCloud Report: Machine Identities Become Primary Target What happened: SpyCloud’s latest research shows a major shift from human credentials to non-human identities (NHIs) such as API keys and session tokens. Stolen identity records increased significantly, with attackers using these composite identity profiles to bypass MFA and move laterally across cloud environments.

Hello everyone, if you are working on your lab and you decide to import Playbooks from templates it can cause issues. I have just tried some Playbooks, which are prepared for you and once I edited variable, it resulted in error. The best workaround was to just delete variable and create a new one. So if you want to change prompt, key and so on. That's the easiest solution.

Just saw this and it doesn't surprise me? Considering how good is Israels in intelligence and cyber security in general. No wonder they use AI more than anyone. Of course other AI tools exists, but at the end of the day. Claude was used by China as the LLM for first mostly autonomous hacking with AI.