A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram ...
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.
Mozilla’s 0din team showed how a Claude Code malware GitHub repo attack could use a clean-looking repository to open a ...
The Gaslight macOS malware from a North Korean cluster doesn't bypass AI analysis platforms yet, but its 38-message prompt injection cascade makes the direction of travel clear. Here's why this ...
The group compromised at least 10 regional organizations, including two state-owned entities, and deployed a new backdoor.
The malware program has been deployed across multiple sectors since April, helping to provide initial access sold to ransomware gangs.
Researchers from Zscaler found a new malware campaign dubbed Edgecution.
Companies are still experimenting with automated AI systems to find security weaknesses, but fewer are relying on the ...
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
CrowdStrike data and OpenAI's admission confirm prompt injection as a dominant enterprise AI attack vector. 65% of ...
A threat actor has been exploiting CVE-2026-48558, a critical SimpleHelp vulnerability, to drop TaskWeaver and Djinn Stealer ...