SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

AI-Generated Fake Receipts Are Changing Expense Fraud

AI-generated fake receipts are making expense fraud cheaper, easier, and harder to detect, forcing companies to rethink how ...

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

As AI voices get harder to spot, ElevenLabs adopts Google’s SynthID to help you sniff the fakes

AI-generated voices are becoming nearly impossible to identify. ElevenLabs is now embedding invisible watermarks into its audio so you'll finally know when you're listening to AI.

Edge users beware — this malicious extension can break out of the sandbox and install ransomware

Researchers from Zscaler found a new malware campaign dubbed Edgecution.
The Hacker News

Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents

AIR says its fake AI skill passed scanner checks by using a mutable external link, exposing a blind spot in agent skill ...

AI tools that help students cheat are multiplying, and the detectors can’t keep up

A wave of new apps is helping students slip AI written homework past teachers undetected. Even companies selling AI detection tools are tangled up in the same problem.
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal credentials and wallet data.