Dark Reading

Attackers Hijack Exposed AI Endpoints to Power Offensive Ops

Attackers don't need any special authentication to reach a target endpoint — they just need to know where it is.
SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.