An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

Mozilla’s 0din team showed how a Claude Code malware GitHub repo attack could use a clean-looking repository to open a ...

Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.

SentinelOne says macOS.Gaslight uses prompt injection to mislead AI-based malware analysis, steal data, and use Telegram for ...

Researchers from Zscaler found a new malware campaign dubbed Edgecution.

The malware program has been deployed across multiple sectors since April, helping to provide initial access sold to ransomware gangs.

The AP/“FRONTLINE” investigation was based on tens of thousands of leaked scam center files, videos and photos; an analysis with C4ADS of misuse of artificial intelligence at scam centers; an ...

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

AIR says its fake AI skill passed scanner checks by using a mutable external link, exposing a blind spot in agent skill ...

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.

Humans have been successfully trained to spot AI-generated faces in a study led by researchers at the Australian National ...

Noman Saleem impersonated crypto influencers on Telegram, luring victims into a fake staking scheme before vanishing with ...