Last Week in AppSec for 12. Feb 2026
ID: 5a5e4225-6d0f-598c-a4c9-e854857aa85e
STIX ID: report--5a5e4225-6d0f-598c-a4c9-e854857aa85e
Feed Name: Checkmarx Zero
This AppSec briefing highlights several active and high-risk issues: malicious dYdX packages published to npm and PyPI that harvest wallet credentials and include a Remote Access Trojan; a critical pre-auth OS command injection (RCE) in BeyondTrust Remote Support/Privileged Remote Access requiring immediate patching; emerging risks from AI memory poisoning and malicious agent "skills" that can steer assistants or reach tools and credentials; and a Docker Desktop for Windows local privilege escalation—each accompanied by concise remediation guidance.
