Security Boulevard

Cut your coding agent’s cost with Sonar Vortex

New benchmarks show semantic code graphs helping coding agents find change locations faster and complete updates more ...
SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Windows Report

Mozilla Warns Clean GitHub Repositories Can Trick Claude Code Into Running Malware

Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.
International Business Times

Malicious GitHub Repositories Could Trick AI Coding Agents Into Running Hidden Malware, Researchers Warn

Researchers warn malicious GitHub repositories can trick AI coding agents into running hidden malware through trusted setup steps, risking developer systems and credentials. Google - Gemini A newly ...
Tom's Hardware on MSN

AI coding agents can be tricked into installing malware via 'clean' GitHub repositories

Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
The Hacker News

New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns

Symantec and Carbon Black link Mistic backdoor attacks to KongTuke, using ClickFix lures and in-memory execution for stealthy ...
Visual Studio Magazine

Open VSX 1.0.0 Puts Focus on Open Extension Registry for VS Code Ecosystem

Eclipse Open VSX has reached 1.0.0, highlighting its role as a vendor-neutral registry for VS Code-compatible extensions.