SecurityWeek

New Attack Abuses Claude Code and Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

Assume You Will Be Hacked

Companies are getting hacked every single day.” If the NSA is perturbed by the rise in cyberattacks, which it apparently is, ...
GMA Network

DICT probing into reported hacking of House website

Make this your preferred source to get more updates from this publisher on Google. The Department of Information and Communications Technology (DICT) is investigating the reported hacking of the House ...
CBS News

Iran-linked group claims hack of FBI drones, threatens World Cup, monitor says

An Iran-linked hacker group claims to have breached FBI drones and has threatened to target the World Cup that kicked off on Thursday, a monitoring group said Friday. The SITE Intelligence Group, an ...
Hosted on MSN

BeamMP hack reported as Discord compromised, website taken offline

The popular BeamNG.drive multiplayer mod BeamMP has been hit by a major security breach, with its Discord server compromised and core services temporarily taken offline. BeamNG.Drive is quite popular ...
The Hacker News

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat ...
Android Authority

Anthropic's too-scary-to-release AI hacking tool is actually coming out — kind of

Anthropic is releasing a pair of its most powerful models to date with Claude Fable 5 and Mythos 5. While Mythos 5 is built to let security researchers discover vulnerabilities, the public Fable 5 has ...
The Verge

Hackers likely hijacked over 20,000 Instagram accounts with Meta’s AI chatbot

Meta blames a bug on an exploit that allowed hackers to ask its AI support bot to link a victim’s account with their own email. Meta blames a bug on an exploit that allowed hackers to ask its AI ...
The Verge

Meta says NSO is still trying to hack WhatsApp users.

Despite last year’s $167 million verdict against NSO Group for its Pegasus software hacking some 1,400 WhatsApp users, Meta says it has detected new spear phishing attacks on its platform from the ...
Bleeping Computer

Over 20,000 Instagram accounts stolen in Meta AI support hack

Meta has revealed that 20,225 Instagram users had their accounts hijacked in a recent incident where attackers used Meta's AI-powered support system to reset passwords. As BleepingComputer reported ...