Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.
Researchers found a way to trick AI coding assistants like Claude into running malware hidden in GitHub repositories. Here's ...
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Building on the urgency outlined in the first article, this second piece - “25 Years of Evolving Battlefields: How Innovation Shapes Cyber Threats and Security” - examines the evolution of ...
The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver a new ...
Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. "The Windows variants discovered are internally ...
There is no indication that the palm biometrics “Proof-of-Trust” née “Proof-of-Humanity” startup Humanity Protocol uses for identity verification have failed. Instead, the company traces a massive ...
Threat actors have been using short-form videos on TikTok and Instagram Reels to push the Vidar infostealer, disguising the attacks as tutorials for unlocking premium software for free. New analysis ...
Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based code analysis systems into overlooking malicious payloads. Threat actors ...
Hackers compromised 19 packages on PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered malware designed to steal developer secrets.
Most organisations have encryption. Far fewer have governance around the keys that make it work. Most organisations know their data is encrypted. Far fewer know exactly what they would do if one of ...