Developers who build with AI coding agents grab capabilities off public marketplaces the same way they grab packages from npm or PyPI. The add-ons are called agent skills. Each one is a little bundle of plain-English instructions, scripts, and files that a tool such as Claude Code or OpenAI Codex loads when it needs a new trick. One marketplace filled up with more than 40,000 listed skills within months of the format showing up in … More →
The post Malicious AI agent skills can slip past the scanners built to stop them appeared first on Help Net Security.

Umbrij Malware Lets ToddyCat Hackers Hijack Gmail Accounts Through Google API Abuse
A targeted campaign in which the ToddyCat (aka APT-style) group leverages a previously observed loader family, Umbrij, to hijack Gmail accounts by abusing Google APIs.


