SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

Prompt injection is exploiting enterprise AI's biggest design flaws by targeting agents, RAG pipelines and model routers

In 2025 and 2026, several independent sources have highlighted the same trend: Prompt injection remains one of the most ...

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Decrypt

This AI Agent Survived 6,000 Hack Attempts—Here’s How

Developer Fernando Irarrázaval's AI agent experiment drew over 6,000 hack attempts from more than 2,000 attackers. No one ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...

Family Is Suing Roblox After Alleging the Platform Failed to Protect Their Daughter, 11, from Man Posing as Teen Boy

A Nevada family is suing Roblox, alleging the gaming platform let their child be groomed by an adult and failed to provide ...
Indiatimes

CANVA HACK

Instructure, the company behind the educational tool Canvas, has struck a deal with the hacking group ShinyHunters. This agreement secures stolen student and school data. ShinyHunters confirmed data ...
Hosted on MSN

Vercel says some of its customers’ data was stolen prior to its recent hack

App and website hosting giant Vercel on Thursdays said hackers had accessed some of its customers’ data before the company discovered its recent data breach, suggesting that this incident may have ...
VentureBeat

Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

One employee at Vercel adopted an AI tool. One employee at that AI vendor got hit with an infostealer. That combination created a walk-in path to Vercel’s production environments through an OAuth ...