Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...

North Korea-linked ScarCruft uses fake Microsoft Account alerts and ZIP files to deliver NarwhalRAT, a Python RAT built for ...

A reverse shell makes the target machine initiate the connection back to the attacker, bypassing firewalls that only filter ...

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

Threat actors in Latin America have begun to use AI agents to facilitate their entire attack chains, from assisting with initial access to generating penetration tools on the fly — and organizations ...

Google says hackers used AI to help build a zero-day exploit targeting 2FA, raising concerns about AI-assisted hacking. Google says hackers used AI to help build a zero-day exploit, then stopped it ...

Google researchers found evidence in the exploit’s code that it may have been created using AI, like a ‘hallucinated’ CVSS score. Google researchers found evidence in the exploit’s code that it may ...

Google says crooks already have AI cooking up zero-days, and claims one nearly escaped into the wild before the company stopped it. In a report shared with The Register ahead of publication on Monday, ...

Google has identified the first zero-day exploit likely developed by artificial intelligence, marking a new era in cyber warfare. The exploit targeted two-factor authentication (2FA) and featured code ...