Vulnerability
TeamPCP Compromises 170+ npm Packages in Coordinated AI Infrastructure Attack
Supply chain assault targets Mistral AI, TanStack, UiPath, and OpenSearch in first npm worm producing valid security provenance
CISA confirms months-long exploitation of critical cPanel flaw affecting 70 million domains
CVE-2026-41940 gave attackers root-level server access since February—two months before patches existed—exposing the fragility of delegated hosting infrastructure.
Google Patches CVSS 10.0 Flaw in Gemini CLI That Turned AI Developer Tool Into RCE Vector
A critical vulnerability in Google's AI command-line interface allowed attackers to execute arbitrary code through compromised GitHub Actions workflows, exposing systemic security gaps as enterprises rush AI tooling into production pipelines.
Microsoft’s Incomplete Patch Leaves Zero-Click Windows Flaw Active in Russian Attack Campaigns
A critical vulnerability Microsoft patched in February 2026 left behind a credential theft vector now actively exploited by Russian threat actors, forcing emergency re-patching across federal agencies.