Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.

Researchers warn malicious GitHub repositories can trick AI coding agents into running hidden malware through trusted setup steps, risking developer systems and credentials. Google - Gemini A newly ...

Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

Symantec and Carbon Black link Mistic backdoor attacks to KongTuke, using ClickFix lures and in-memory execution for stealthy ...

Eclipse Open VSX has reached 1.0.0, highlighting its role as a vendor-neutral registry for VS Code-compatible extensions.

New research explains why AI models don't just hallucinate randomly but converge on the same invented names repeatedly. The pattern stems from how LLMs ...

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...

Sheffield startup OLO Robotics has built a way to program robots from a web browser, no PhD or coding experience required.

Hackers injected malware into 73 Microsoft GitHub repos on June 5, 2026. The attack targeted AI coding tools like Claude Code and VS Code. Read what happened.

Researchers have revealed what they claim to be a “new class of attack” which tricks AI coding agents into executing arbitrary code on developer machines. Tenet Security, which specializes in the ...