Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Developer Tech

Mozilla shows Claude Code malware risk in clean GitHub repo

Mozilla’s 0din team showed how a Claude Code malware GitHub repo attack could use a clean-looking repository to open a ...
Bleeping Computer

Malicious Edge extension abuses Native Messaging as bridge to malware

A malicious Microsoft Edge extension dubbed ‘Edgecution' has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. Access to the local system is obtained ...
Windows Report

Mozilla Warns Clean GitHub Repositories Can Trick Claude Code Into Running Malware

Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.

Edge users beware — this malicious extension can break out of the sandbox and install ransomware

Researchers from Zscaler found a new malware campaign dubbed Edgecution.
CSOonline

Be on the lookout for Mistic, a new backdoor used by ransomware broker

The malware program has been deployed across multiple sectors since April, helping to provide initial access sold to ransomware gangs. Researchers have identified a new backdoor program that has been ...
SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
The Hacker News

Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents

AIR says its fake AI skill passed scanner checks by using a mutable external link, exposing a blind spot in agent skill ...

Methodology for AP/'FRONTLINE’ investigation into how US tech is abused for global scams

The AP/“FRONTLINE” investigation was based on tens of thousands of leaked scam center files, videos and photos; an analysis with C4ADS of misuse of artificial intelligence at scam centers; an ...

As AI voices get harder to spot, ElevenLabs adopts Google’s SynthID to help you sniff the fakes

AI-generated voices are becoming nearly impossible to identify. ElevenLabs is now embedding invisible watermarks into its audio so you'll finally know when you're listening to AI.The Latest Tech News, ...