WEDNESDAY, JUNE 24, 2026 48° E  /  GLOBAL TECH · SUMMARISED SUBSCRIBE
AI, business, devices, policy — global tech, summarised every 30 minutes.
Security · 1h ago

Malware Found in npm Package Posing as SkillsGuard

By Meridian48 News Desk · Summarised from DEV Community ·

Three packages on npm claim the name 'SkillsGuard', but one shipped malware and was pulled from ClawHub. Only AgentGuard by GoPlus Security is a verified, open-source runtime guard at v1.1.28. Over 13% of marketplace skills contain critical vulnerabilities, making it crucial to verify package sources.

Meridian48 take
The story highlights a supply-chain risk in the AI agent ecosystem, where a security tool itself became the attack vector.
Read the full reporting
Three packages claim 'SkillsGuard'. One shipped malware. →
DEV Community
npm-malwaresupply-chain-security
More security briefs
Security

Law Enforcement Takedown Hits Amadey and StealC Malware Networks

The Hacker News · 2h ago
Security

Malicious OpenClaw Skills Bypass Security Checks on ClawHub

Dark Reading · 1h ago
Security

Iranian Drones Swarm Like Jellyfish, US Pilot Says

TechRadar · 1h ago
Go deeper on security
AllAIStartupsBusinessDevicesPolicySecurityDev ToolsPakistan