SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
TWCN Tech News

How to link GitHub to Visual Studio Code

We need to start by downloading the Git installer (e.g., 64-bit for Windows) from the official website (git-scm.com). Now, initiate the installation by clicking through the setup wizard. During the ...

WhatsApp Web Users Beware! CERT-In Warns Of Malware Attacks; Don’t Open These Files

Imagine you receive what looks like a video or a business document on WhatsApp Web. The attachment appears genuine, but clicking it silently installs malware on your computer ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
Microsoft

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
XDA Developers on MSN

These 4 PowerShell commands instantly fixed the most annoying problems on my Windows PC

Four scripts to fix them all ...

The Steam Workshop Is Being Used To Spread Malware To Thousands Of Users

Steam is one of the most popular storefronts in PC gaming, but it turns out that the Steam Workshop might presently be ...
The Hacker News

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...
WeLiveSecurity

FishMonger’s arsenal upgraded: SprySOCKS for Windows

ESET researchers have discovered SprySOCKS for Windows, FishMonger’s backdoor weaponizing a kernel driver for advanced ...
CBS News

Pentagon updates religious codes after criticism from Mormons

The Pentagon on Monday updated its religious affiliation codes after members of the Church of Jesus Christ of Latter-day Saints criticized the list because it did not describe LDS as a "Christian" ...