SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

Buckle Up: The Bad Guys Now Have A Model As Powerful As Mythos

China now has an open-weight model that can find software vulnerabilities and create attacks for anybody to use.

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Computer Weekly

Secure Code Warrior CEO on surviving the AI ‘vulnerability apocalypse’

As enterprises embrace agentic AI and vibe coding, Secure Code Warrior CEO and co-founder Pieter Danhieux warns that ...
Microsoft

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
cryptopolitan

Microsoft, Google patch flaws as Cordyceps spread across open-source repositories

Security researchers at Novee found over 300 exploitable CI/CD workflow chains across repositories belonging to Microsoft, Google, Apache, Cloudflare, and the Python Software Foundation. The flaws ...
winbuzzer.com

OpenAI Says GPT-5.5-Cyber Leads Claude Mythos, Expands Daybreak-Initiative

OpenAI is now turning its Daybreak initiative into a defensive cybersecurity program that combines Codex updates, the GPT-5.5-Cyber release and partner access for approved organizations. As OpenAI ...