Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Bleeping Computer

Malicious Edge extension abuses Native Messaging as bridge to malware

A malicious Microsoft Edge extension dubbed ‘Edgecution' has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. Access to the local system is obtained ...
Developer Tech

Mozilla shows Claude Code malware risk in clean GitHub repo

Mozilla’s 0din team showed how a Claude Code malware GitHub repo attack could use a clean-looking repository to open a ...

The attack that hijacked Claude Code came through Sentry. Datadog, PagerDuty, and Jira have the same exposure.

Tenet Security hijacked Claude Code in 85% of tests via a fake Sentry error — no stolen credentials, no alerts. Datadog and ...
Decrypt

This AI Agent Survived 6,000 Hack Attempts—Here’s How

Developer Fernando Irarrázaval's AI agent experiment drew over 6,000 hack attempts from more than 2,000 attackers. No one ...
WeLiveSecurity

Award-winning news, views, and insight from the ESET security community

Your business may be small, but its attack surface is anything but. Readiness is the first step to resilience. Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances ESET ...
Dark Reading

Vulnerabilities & Threats

Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading ...
Computerworld

Industry

Nextcloud CEO: Open source moves from 'a nerdy audience' to the geopolitical stage Frank Karlitschek, head of the German software vendor, talked about the company’s decision to help develop the ...