SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
XDA Developers on MSN

I went looking for the most useful things people built with Claude Code, and I found 6 worth stealing

Most of them replaced something you'd pay for ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
TMCnet

AgileAI Labs Unveils Spec2TestAI's Natural Language No-Code Automated Testing Tool

Software Development Teams build an end-to-end project knowledge base that self-improves generating enhanced, fully traceable ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...

OpenAI launches new initiative to help find and patch open source bugs

OpenAI announced a new initiative on Monday designed to help the open source community improve its cybersecurity game and ...
CBS News

Pentagon updates religious codes after criticism from Mormons

The Pentagon on Monday updated its religious affiliation codes after members of the Church of Jesus Christ of Latter-day Saints criticized the list because it did not describe LDS as a "Christian" ...

Broadcom Expands Its Investment in Spring and Java Ecosystem Security to Prepare Customers for AI-Enabled Threats

Today, Broadcom Inc. (NASDAQ: AVGO), a global technology leader that designs, develops, and supplies semiconductor and infrastructure software solutions, announced significant security investments for ...
techtimes

GitHub Copilot Replaces GPT-4 With Project Polaris, Ships Multi-Agent VS Code at Build

An audience member seated near a Microsoft logo listens as Microsoft Chairman and Chief Executive Officer Satya Nadella speaks during the Microsoft Build conference opening keynote in Seattle, ...

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source Java testing app to sabotage projects performed by AI coding agents. The ...