SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
CoinDesk

Private keys, not smart contracts, caused 40% of crypto's $16 billion hack losses. Here's whats being done.

The industry is moving toward fixing the private key vulnerability issue, just not evenly, Wish Wu, co-founder and CEO of ...

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

Customers Sue Madison Square Garden Over Hacking of 26 Million Records

Three class-action lawsuits accuse a hacking group of publishing data that included personal and corporate information stolen ...

LastPass data breach confirmed: Everything we know so far

Hackers used a backdoor through a little-known third-party app to steal LastPass customer data.
The Hacker News

ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories

This week's ThreatsDay Bulletin covers curl flaws, a critical Hoppscotch bug, smart TV proxyware, macOS ClickFix attacks, ...