AI crosses the operator line in a Marimo intrusion; a leaked GitHub PAT seeds a Composer supply-chain attack; Fox Tempest sold Microsoft-derived signing trust to ransomware crews; GREYVIBE's AI-built malware exposed its own backend; and Iran's MOIS hit LA Metro behind a hacktivist mask.