SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Crowdfund Insider

250,000+ Potential Digital Security Issues in GitHub Actions Workflows Identified in New Report

Cybersecurity researchers at Kaspersky have identified more than 250,000 potential security misconfigurations across GitHub ...
Windows Report

Mozilla Warns Clean GitHub Repositories Can Trick Claude Code Into Running Malware

Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.
cryptopolitan

Microsoft, Google patch flaws as Cordyceps spread across open-source repositories

Security researchers at Novee found over 300 exploitable CI/CD workflow chains across repositories belonging to Microsoft, Google, Apache, Cloudflare, and the Python Software Foundation. The flaws ...
Developer Tech

GitHub brings agentic workflows to GitHub Actions

GitHub has released GitHub Agentic Workflows in public preview, adding support for coding agents inside GitHub Actions. The public preview follows a technical preview GitHub announced in February. At ...
Courthouse News Service

Washington Post hit with class action over ‘surveillance pricing’ scheme

Employees of the Washington Post picket outside the company's offices in downtown Washington, Thursday, Dec. 7, 2023, amid a one-day strike over labor issues. (AP Photo/Mark Schiefelbein, File) ...
Microsoft

Securing CI/CD in an agentic world: Claude Code Github action case

Microsoft Threat Intelligence discovered that Anthropic’s Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted GitHub content, including issue bodies, pull ...
The Hacker News

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub ...
Digital Spy

Exclusive: Hollyoaks to expose Beth's secret as Frankie takes action

Hollyoaks star Isabelle Smith has revealed an exciting new plot for her character Frankie Osborne, as she blackmails her aunt Beth Keane over a sinister secret. Frankie is set to find out the ...
ZDNet

Red Hat hit by npm supply‑chain attack - here's how to stay safe

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...
GitHub

GitHub - scthornton/red-teaming-pipeline-integration: GitHub Actions CI/CD pipeline for automated AI red teaming with Palo Alto Networks Prisma AIRS · GitHub

Prisma AIRS Red Teaming CI/CD Pipeline Production-ready GitHub Actions workflow for automated AI Red Teaming of LLM-backed targets (apps, agents, model endpoints) using Palo Alto Networks Prisma AIRS.
slashfilm

The Onslaught Trailer Looks Like A Secret Sequel To An Action Cult Classic

Close enough, welcome back, "The Guest"! The trailer for Adam Wingard's "Onslaught" is here, and in addition to looking mighty fun, it also looks a lot like a secret sequel to "The Guest." In that ...