ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

It's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there's a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into leaking real credentials. The bigger problem is how polished this all looks now. Mule networks run like SaaS.

The article describes several escalating cyber threats, including research showing that production AI agents can be phished or manipulated into leaking real credentials or executing attacker-controlled actions.[5][1] It also highlights polished criminal ecosystems (e.g., SaaS-like mule networks and high-end RATs) and public release of advanced attack kits, which lower the barrier for abusing AI-integrated systems.[5] From a CyberSE.AI perspective, this demonstrates the need for ongoing adversarial testing of AI agents against prompt- and content-based attacks, hardening of agent business logic and tool-use flows, and secure development patterns that treat AI agents as high-value, externally exposed services. Organizations relying on agents to process untrusted inputs (emails, documents, repos, browser data) should implement continuous red teaming, strict guardrails, and supply chain scrutiny around the models, plugins, and code they integrate.