SecurityWeek

Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks

Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, creating a new software supply ...

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
CSO Online

Hackers exploit critical PTC Windchill PLM software flaw

The popular product lifecycle management platform is under active exploitation for an RCE vulnerability that could put ...
The Hacker News

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...