SecurityWeek

Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks

Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, creating a new software supply ...
SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Tech Times

Linux Kernel Root Exploit Published: DirtyClone Attack Leaves No Trace

Linux kernel privilege escalation exploit DirtyClone (CVE-2026-43503) is publicly documented: JFrog published a working attack walkthrough Thursday showing how any local user can gain root on ...
Microsoft

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Live Bitcoin News

Ethereum’s Most Notorious Sandwich Attacker Loses $7.5M: Here’s How

JaredfromSubway.eth lost $7.5M in a honeypot exploit. Chainalysis tracked the funds straight to Tornado Cash. Here's what ...
The Hacker News

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...

Stealthy Mistic backdoor linked to ransomware access broker KongTuke

A new backdoor dubbed Mistic has been observed in financially motivated attacks targeting organizations in the insurance, ...
Microsoft

StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them

On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...