SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
GitHub

Rhai - Embedded Scripting for Rust

As of this version, stdweb is no longer supported for WASM builds because of changes to getrandom starting from version 0.3.

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

New macOS ClickFix attack silently mounts DMGs to push infostealer

A new macOS ClickFix campaign is using Terminal commands to silently download, mount, and launch info-stealing malware from ...