AgentsShai-Hulud 3.0: Self-Propagating NPM Supply Chain WormCybernews·high signalThird variant of registry-native worm, 500+ packages compromisedSourceSource pageCybernews↳ Follow the threadPolicy dependency / Stack layerIAPS warns on Kimi Claw: security and governance risks of Chinese-hosted 'always-on' AI agentsIAPSStack layer / Threat patternOpen-Source Multi-Agent Firewall Intercepts Both HTTP(S) and WebSocket LLM TrafficarXivStack layer / Threat patternAWS open-sources Loom, an enterprise agent platform built on Strands Agents + Bedrock AgentCore RuntimeAWS Open Source BlogStack layer / Threat patternOpenClaw ships broad July 6 platform update: GPT-5.6 support, external harness attach, hardened provider I/OReleasebotStack layer / Threat patternMalicious agent skills evade every scanner: HKUST's SkillCloak beats detectors 90%+ of the time, SkillDetonate catches 97%Help Net SecurityStack layer / Threat patternMeta Stands Up a Cloud Business to Sell AI Compute — CoreWeave Stock Drops 14%The Motley FoolPolicy dependency / Stack layerKastra Launches Policy Enforcement for Claude Code, Cursor, and CodexHacker NewsStack layer / Threat patternCROSS-CATEGORY: Three Vendors in Three Unrelated Categories Shipped 'Agents That Supervise Other Agents' Inside Two WeeksVanta