A CVSS 10.0 vulnerability in React Server Components is being actively exploited to steal AI platform API keys, cloud credentials, and payment secrets from hundreds of Next.js deployments. Here’s how the attack works and what your team should do right now.
Over 40,000 OpenClaw AI agent instances were found exposed to the internet, with 63% vulnerable to remote exploitation. Combined with a coordinated supply chain attack on the ClawHub marketplace that planted 824 malicious skills, the OpenClaw crisis is a wake-up call for anyone deploying agentic AI.
A supply chain attack on LiteLLM pushed malicious packages to PyPI that harvested credentials from an estimated 500,000 machines in under an hour. This post dissects the attack chain, the cascading damage across AI infrastructure, and the hard lessons for organizations running open-source AI tooling.
