Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

A reverse shell makes the target machine initiate the connection back to the attacker, bypassing firewalls that only filter ...

Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.

SentinelOne details Gaslight, a Rust-based macOS implant linked to North Korea-aligned actors that uses prompt injection to ...

Researchers warn malicious GitHub repositories can trick AI coding agents into running hidden malware through trusted setup steps, risking developer systems and credentials. Google - Gemini A newly ...

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.

Shell Plc engages in the business of producing oil and natural gas. It operates through the following segments: Integrated Gas, Upstream, Marketing, Chemicals and Products, Renewables and Energy ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

You can wrap an executable file around a PowerShell script (PS1) so that you can distribute the script as an .exe file rather than distributing a “raw” script file. This eliminates the need to explain ...

Microsoft recently introduced at Build 2026 Microsoft Scout, an always-on agent. Scout belongs to a new category of agents ...