SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

The attack that hijacked Claude Code came through Sentry. Datadog, PagerDuty, and Jira have the same exposure.

Tenet Security hijacked Claude Code in 85% of tests via a fake Sentry error — no stolen credentials, no alerts. Datadog and ...
Latest Hacking News

What Is a Buffer Overflow? The Bug That Keeps Driving Critical CVEs

A buffer overflow happens when a program writes more data into a memory buffer than the buffer can hold. The extra bytes land in adjacent memory, corrupting whatever was there. If an attacker controls ...
GitHub

Sequel: The Database Toolkit for Ruby

Sequel is a simple, flexible, and powerful SQL database access toolkit for Ruby. Sequel provides thread safety, connection pooling and a concise DSL for constructing SQL queries and table schemas.
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
The Hacker News

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...
eWeek

Agentic AI Cheat Sheet: A Guide to AI Agents, Tools, and Risks

Agentic AI moves beyond chatbots into systems that plan, use tools, and act. Learn key terms, architectures, risks, ...
InfoQ

Grab Builds Secure Agentic AI Workload Platform

Grab's security team built Palana, a Kubernetes-native secure execution platform, to run autonomous AI agents safely. Unlike ...
GitHub

Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134)

On June 02, 2022 Atlassian released a security advisory for their Confluence Server and Data Center applications, highlighting a critical severity unauthenticated remote code execution vulnerability.