#security

AI agent security failed in Meta’s support desk test

AI agent security is privileged access control for LLMs. Meta’s Instagram hack shows one support bot can turn account recovery into takeover.

Lars Cornelissen · Jun 5, 2026

Live Engineering

Miasma worm: live coverage of the Red Hat npm attack

Miasma is a self-propagating npm worm. It hijacked Red Hat's GitHub Actions OIDC trusted publishing to ship 96 backdoored @redhat-cloud-services versions whose preinstall hook runs a Bun credential stealer that then spreads with the secrets it steals.

Lars Cornelissen · Jun 5, 2026

Donut chart splitting seven TeamPCP waves by period: two in 2025, one in early 2026, and four in the May to June 2026 sprint.

Engineering

TeamPCP: the crew behind the npm worm hitting Red Hat

TeamPCP is the cybercrime crew behind the Shai-Hulud npm worm. It open-sourced the malware in May 2026, then poisoned Red Hat's packages and blurred the question of who to blame.

Lars Cornelissen · Jun 5, 2026