North Korea-Linked macOS Malware Uses Prompt Injection to Evade AI Analysis

SentinelOne says macOS.Gaslight uses prompt injection to mislead AI-based malware analysis, steal data, and use Telegram for ...
SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

Prompt injection is exploiting enterprise AI's biggest design flaws by targeting agents, RAG pipelines and model routers

Prompt injection remains the most effective way to compromise enterprise AI systems because it exploits the fundamental way ...

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
The Hacker News

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...
decrypt

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft

Add Decrypt as your preferred source to see more of our stories on Google. Microsoft researchers found that Anthropic's Claude Code GitHub Action could be manipulated through prompt injection attacks.
Microsoft

Securing CI/CD in an agentic world: Claude Code Github action case

Microsoft Threat Intelligence discovered that Anthropic’s Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted GitHub content, including issue bodies, pull ...
IEEE

CID4IoT: IoT-Oriented Command Injection Vulnerability Detection Based on Critical Code Extraction and LLM Analysis

Abstract: The Internet of Things (IoT) devices have brought invaluable convenience to our daily lives. However, they also introduce significant security challenges. Common vulnerabilities in numerous ...
IEEE

CoinDef: A Comprehensive Code Injection Defense for the Electron Framework

Abstract: The increasing popularity of cross-platform frameworks like Electron underscores the appeal of using familiar web technologies for desktop application development. Electron fuses the web and ...