Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Microsoft

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
Tech Times

Cisco SD-WAN Zero-Day Exploit: Mandiant Reveals Malicious CSV Opened Root Shell

Cisco SD-WAN zero-day CVE-2026-20245 was exploited months before disclosure: Mandiant reveals how a malicious CSV file ...
Tom's Hardware on MSN

AI coding agents can be tricked into installing malware via 'clean' GitHub repositories

Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.
XDA Developers on MSN

These 4 PowerShell commands instantly fixed the most annoying problems on my Windows PC

Four scripts to fix them all ...
Infosecurity Magazine

Lookalike npm Package Hides a Multi-Stage Windows RAT

A malicious npm package has been caught impersonating one of the JavaScript ecosystem's most widely used build tools. The ...
Microsoft

StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them

On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...
The Hacker News

Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant

Microsoft says hotel phishing emails are using Calendly links and photo ZIP files to drop the TonRAT Node.js implant on front ...

Vibecoded Malware Is Flooding the Internet

Vibe coding’s dark side, “vibe hacking,” is on the rise. Cybersecurity companies such as McAfee and Bitdefender have observed ...
Cartoon Brew

‘The Feeling Of Something Drawn By A Person’: Science Saru’s Strategy For A New ‘The Ghost In The Shell’ Adaptation

Continuing a blockbuster streak of series and features, Science Saru is taking on an anime icon. On Monday morning, Science Saru’s Toma “Mokochan” Kimura (director) and Kohei Sakita (producer) joined ...
Dark Reading

Russian APT 'Gamaredon' Upgrades Its Arsenal, Requiring New Defenses

In a report this week, ESET tracks 35 separate Gamaredon spear-phishing campaigns against Ukraine carried out last year. In ...