SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
latesthackingnews.com

Reverse Shell Explained: Setup, Attack Chain, and Detection

A reverse shell makes the target machine initiate the connection back to the attacker, bypassing firewalls that only filter ...
Developer Tech

Mozilla shows Claude Code malware risk in clean GitHub repo

Mozilla’s 0din team showed how a Claude Code malware GitHub repo attack could use a clean-looking repository to open a ...

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

Copilot searched your mailbox. LiteLLM handed out admin keys. Run this 5-check audit before your stack is next

SearchLeak and a three-CVE LiteLLM chain broke the same AI trust boundary in two weeks. A 5-check audit maps each gap to a ...

FFmpeg fixes PixelSmash flaw in widely used video decoder

A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under ...

These well-designed gadgets improve life on the move and at home

Keep activities powered, dial up the fun and add an extra layer of ease wherever with these clever gadgets that’ll make ...
Infosecurity MagazineOpinion

Ethical AI Is an Operational Discipline, Not a Philosophy

Safety requirements for AI in cybersecurity cannot be limited to proselytizing about good intents, it must demonstrate ...

North Korea-Linked macOS Malware Uses Prompt Injection to Evade AI Analysis

SentinelOne says macOS.Gaslight uses prompt injection to mislead AI-based malware analysis, steal data, and use Telegram for ...
Tom's Hardware on MSN

AI coding agents can be tricked into installing malware via 'clean' GitHub repositories

Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.

Day 1 Keynote Video at Zenith Live '26: When the tools become the workforce - inside Zscaler's agentic security pitch in Vienna

Reporting from Zenith Live 2026 at VieCon Messe Wien this week, where Zscaler's argument is direct: the AI agents landing in every enterprise are both the new workforce and ...