A developer reverse-engineering Anthropic's Claude Code binary discovered on June 30, 2026, that the tool had been silently encoding hidden signals into its AI system prompts for at least three months ...
Installing a piece of code from NPM will no longer auto-run malware on the system, and won’t quietly pull malicious code from external repos unless the developer explicitly allows it. But this won’t ...
Cybersecurity researchers at Kaspersky have identified more than 250,000 potential security misconfigurations across GitHub ...
Agentic AI workplace adoption has reached legal, finance, and recruiting teams, with new OpenAI research data showing ...
Hackers created a fake trading bot for Polymarket’s prediction markets on GitHub. The bot was used to spread malware that ...
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Mozilla’s 0din team showed how a Claude Code malware GitHub repo attack could use a clean-looking repository to open a ...
Cursor launched a public beta for iPhone and iPad that lets paid subscribers run, monitor, and review AI coding agents on ...
New benchmarks show semantic code graphs helping coding agents find change locations faster and complete updates more ...
Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.
Mozilla 0DIN’s Claude Code demo shows how clean GitHub repos can expose AI coding agents to prompt injection, reverse shells, and credential risk.