SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

OpenAI: Yoo-hoo, look over here, we do that security stuff too!

Speaking of Codex: OpenAI on Monday released a Codex Security plugin⁠ that the company says “enables out-of-the-box defensive ...
Developer Tech

OpenAI deploys GPT-5.5-Cyber for open-source vulnerability fixes

OpenAI has deployed GPT-5.5-Cyber to execute automated open-source vulnerability remediation alongside security firm Trail of ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
Dark Reading

AI Decline? Confidence in Autonomous Penetration Testing Falls

Companies are still experimenting with automated AI systems to find security weaknesses, but fewer are relying on the ...

Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...

North Korea-Linked macOS Malware Uses Prompt Injection to Evade AI Analysis

SentinelOne says macOS.Gaslight uses prompt injection to mislead AI-based malware analysis, steal data, and use Telegram for ...
InfoWorld

OpenAI rolls out AI-led push to fix open-source software flaws

Patch the Planet’ pairs automated analysis with expert review to uncover and remediate vulnerabilities in core infrastructure ...
TechNewsWorldOpinion

AI Can Identify Threats. It Can't Own Security Decisions

AI can identify threats and speed security analysis, but risk scoring alone cannot determine what software should be allowed ...
Tech Times

Multi-Agent AI: Disagreeable Agents Tank Negotiations but Not Code, Study Finds

Multi-agent AI agent personality shapes outcomes in collaborative and negotiation workflows but not in structured coding, ...
Security Boulevard

OpenAI Expands Daybreak With Codex Security and GPT-5.5-Cyber Updates

With AI-assisted security tools driving up the volume of reported vulnerabilities, security teams are under increased pressure to validate findings and ...
Visual Studio Magazine

Spring AI 2.0 Goes GA, Giving Java Developers a More Mature AI App Stack

Spring AI 2.0 advances the Java framework for generative AI apps with a Spring Boot 4 baseline, cleaner agentic tooling, Model Context Protocol support and vendor-backed integrations including Azure ...