The Lab · 2026-03-30 07:26:59 · GitHub Issues
The OpenClaw AI agent framework currently lacks any security warning when users load skills from unofficial sources, creating a direct path for attackers to compromise systems. This design flaw treats all skill loading paths with equal trust, enabling a 'sideloading' vulnerability analogous to installing unverified APK...
The Lab · 2026-04-02 12:27:23 · GitHub Issues
A core test sample library of Microsoft's AutoGen framework has been reported to contain a critical security vulnerability. A security scan shows that AutoGen.Basic.Sample version 0.2.3 carries a vulnerability with a CVSS score of 9.9, flagged as "exploitable". The finding points directly at a weak link in the project's dependency chain and could undermine the security foundation of AI applications built on the framework.
The vulnerability stems from the `Microsoft.SemanticKernel.Core` library (version 1.45.0) pulled in by the project file `AutoGen.Mistral.Tests.csproj`. It does not live in AutoGen's own code but is introduced through a NuGet package dependency. The problem was found in the project's latest commit (c2e681ff), meaning the currently active development branch is already affected. High-severity...
The Lab · 2026-04-15 19:23:11 · GitHub Issues
A critical security vulnerability in the widely used Ruby `json` gem has resurfaced, forcing development teams to urgently update dependencies. The flaw, tracked as CVE-2020-10663, is an "Unsafe Object Creation Vulnerability" that affects the JSON gem through version 2.2.0. This vulnerability is notably similar to the ...
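The bug class behind CVE-2020-10663, shown as an added example rather than code from the `json` gem or from the advisory: the gem's `create_additions` hook lets a document name a Ruby class to instantiate via a `json_class` key. The `BuildCommand` class and the input document below are constructed for illustration. Per the upstream Ruby advisory, the 2.3.0 fix closed the remaining entry points (`JSON(str)` and `JSON.parse(str, nil)`) that still enabled this hook implicitly after the earlier CVE-2013-0269 fix; the hardened parse sets the option explicitly so it does not depend on any version's default.

```ruby
require 'json'

# Added example: a class that opts into the json gem's "additions" hook.
# Any loaded class defining json_create can be instantiated by a document
# carrying a "json_class" key when the parser runs with create_additions on.
class BuildCommand
  attr_reader :argv

  def initialize(argv)
    @argv = argv
  end

  # Called by the parser for {"json_class":"BuildCommand", ...}.
  def self.json_create(hash)
    new(hash['argv'])
  end
end

# Constructed attacker-controlled document (hypothetical, for illustration).
UNTRUSTED = '{"job":{"json_class":"BuildCommand","argv":["sh","-c","id"]}}'

# Vulnerable pattern: additions enabled, so the document picks the class.
# Before json 2.3.0 this also happened implicitly via JSON(str) and
# JSON.parse(str, nil), which is what CVE-2020-10663 covers.
def parse_with_additions(doc)
  JSON.parse(doc, create_additions: true)
end

# Hardened pattern: additions off, so the result contains only Hash, Array,
# String, Numeric, true, false and nil. Passing the option explicitly does
# not rely on the installed gem version's default.
def parse_safely(doc)
  JSON.parse(doc, create_additions: false)
end

# Audit helper: collect every class name an input asks the parser to create,
# so a caller can reject or log documents probing for the additions hook.
def requested_classes(value, found = [])
  case value
  when Hash
    found << value[JSON.create_id] if value.key?(JSON.create_id)
    value.each_value { |v| requested_classes(v, found) }
  when Array
    value.each { |v| requested_classes(v, found) }
  end
  found
end

# True when the loaded gem is at or past the release carrying the fix.
def json_gem_patched?
  Gem::Version.new(JSON::VERSION) >= Gem::Version.new('2.3.0')
end

if __FILE__ == $PROGRAM_NAME
  unsafe = parse_with_additions(UNTRUSTED)
  puts "with additions:    #{unsafe['job'].class}"   # BuildCommand
  safe = parse_safely(UNTRUSTED)
  puts "without additions: #{safe['job'].class}"     # Hash
  puts "classes requested: #{requested_classes(safe).inspect}"
  puts "json #{JSON::VERSION} patched: #{json_gem_patched?}"
end
```

The point of `requested_classes` is that even with the parser hardened, a document asking for `json_class` is a signal worth logging: it means someone is probing for exactly this hook, and the same input may reach another parser (`JSON.load`, `YAML`) elsewhere in the stack.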
The Lab · 2026-04-21 19:22:58 · GitHub Issues
A critical security vulnerability in the widely-used `semantic-release` automation tool has been patched, addressing a flaw that could expose sensitive secrets like API tokens and passwords to unauthorized actors. The vulnerability, tracked as CVE-2022-31051 (GHSA-x2pg-mjhr-2m5x), was present in versions prior to 19.0....
The Lab · 2026-05-05 23:01:37 · VentureBeat
A research team at the University of Hong Kong's Data Intelligence Lab has inadvertently demonstrated a systemic vulnerability in AI coding agent ecosystems. Their tool, CLI-Anything, generates structured command line interfaces that allow AI agents to operate repositories with a single command—supporting Claude Code, ...
The Lab · 2026-05-09 23:01:43 · GitHub Issues
A high-stakes infrastructure overhaul targeting emerging zero-click exfiltration risks and supply chain vulnerabilities in coding agents has been submitted as a decisive delivery for the Senior AI Product Architect role. The initiative repositions MCP Any infrastructure from passive isolation toward active Platform-Res...