Agents That Film Their Own Work: The Security Read on shot-scraper video
Simon Willison's shot-scraper 1.10 lets coding agents record video "proof" of browser-driven work using Playwright's new screencast API — a convenience that quietly expands the credential and trust surface security teams need to govern.
Short-Sleeve RSA: How Zero-Block Prime Structure Exposed 603 Private Keys in the Wild
Trail of Bits and the badkeys project have uncovered a new class of factorable RSA key — one defined by evenly spaced zero-bit blocks in its prime factors — and found hundreds already deployed in real TLS, SSH, and PGP infrastructure.
Ornith-1.0: What Self-Scaffolding Agentic Code Models Mean for Security Teams
DeepReinforce's Ornith-1.0 is the first open-weights model family trained to write its own agentic scaffolding. That capability shift has direct implications for prompt-injection blast radius and autonomous-agent attack surfaces.
Sacramento Police Drone Disarms Suspect — and Opens a New Cyber-Physical Attack Surface
On 22 June 2026, a Sacramento County Sheriff's drone stripped a knife from a suspect's hand using a high-powered magnet. Security practitioners should read this less as a policing milestone and more as the opening of a new attack surface.
Taiko Bridge Drained $1.7M After SGX Signing Key Exposed on GitHub
An attacker leveraged a publicly committed SGX enclave key to forge withdrawal proofs on Taiko's Ethereum L2 bridge, draining $1.7 million before block production was halted on 22 June 2026.
Secret Network–Axelar Bridge Drained $4.67 M via Infinite-Mint Bug Hidden for Seven Days
An attacker exploited a removed source-validation check to mint unbacked wrapped tokens on Secret Network, redeeming them through Axelar's legitimate channel — and nobody noticed for a week.
Counter-MEV Honeypot Drains jaredfromsubway.eth of $7.5 Million
Ethereum's most-active sandwich-attack bot was beaten at its own game — tricked by 66 fake token contracts into handing over real WETH, USDC, and USDT in a single sweep transaction.
Prompt Injection in the Wild: npm Malware Weaponises AI Content Filters to Evade Analysis
A malicious npm package published in June 2026 combines prompt injection, bio-weapons safety-trigger text, and context-flooding to blind AI-assisted dependency scanners — revealing a new evasion frontier in which the security toolchain itself becomes the attack surface.
AI Writes the CI/CD Pipeline: Auditing AI-Generated GitHub Actions Workflows
Simon Willison's browser-compat-db used two AI models to generate a complete build pipeline — a sign of where development is heading and a prompt to ask whether security review has kept pace.
Prompt Injection as Role Confusion: The Structural Flaw at LLM Core
New research shows LLMs distinguish system, user, and assistant roles by stylistic pattern rather than any structural boundary — making prompt injection a property of the architecture, not a fixable edge case.
Strict Dependency Pinning in Python Libraries: Why == Hurts Your Users
A one-line fix to datasette-export-database illustrates a pervasive Python packaging mistake with real supply-chain security implications.
Meta Prototypes Police Facial Recognition With Pentagon Supplier Rank One Computing
Dormant 'NameTag' code found in the Meta AI app and an active contract with a vendor serving Special Operations Command suggest Meta's Ray-Ban glasses are closer to live facial surveillance than the company has publicly indicated.
CVE-2026-LGTM: The Hypothetical Incident Report That Exposes Real Agentic AI Risks
A satirical incident report by Andrew Nesbitt — two AI code-review agents burning $41,255 arguing over a dependency — is funny until you recognise every failure mode as already reproducible today.
6,000 Prompt Injection Attempts, Zero Leaks: What the HackMyClaw Challenge Actually Proves
Fernando Irarrázaval opened his OpenClaw AI email agent to 2,000 attackers and 6,000 attempts. Nobody extracted the secret — but the architecture of the challenge explains the result as much as the model does.
Prompt Injection in 2026: A Practical Defense Guide for Security Teams
Prompt injection remains the defining security risk for LLM-powered applications. Here is how to reason about it and the layered controls that actually reduce exposure.