SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
latesthackingnews.com

Reverse Shell Explained: Setup, Attack Chain, and Detection

A reverse shell makes the target machine initiate the connection back to the attacker, bypassing firewalls that only filter ...

7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...

Animals with Nature’s Most Perfect Geometric Patterns

Some animals carry patterns so precise and mathematically exact that scientists struggle to explain how nature produced them ...

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Windows Latest

Microsoft called Linux a cancer, now ships its own free distro that’s nothing like Ubuntu or Fedora

Azure Linux 4.0 is Microsoft's own Fedora-derived Linux distro for Azure cloud workloads. Here is how it compares to Ubuntu, ...
The Hacker News

New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis

SentinelOne details Gaslight, a Rust-based macOS implant linked to North Korea-aligned actors that uses prompt injection to ...
Windows Report

Mozilla Warns Clean GitHub Repositories Can Trick Claude Code Into Running Malware

Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.

Flipper Device’s new Busy Bar is a customizable display for productivity

Flipper Device's new Busy Bar will retail for $249.
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Developer Tech

Mozilla shows Claude Code malware risk in clean GitHub repo

Mozilla’s 0din team showed how a Claude Code malware GitHub repo attack could use a clean-looking repository to open a ...

Surface RTX Spark Dev Box Features, Price, Specs, Where to buy, Release date

Surface RTX Spark Dev Box is a compact, small-form-factor desktop PC that is built specifically for developers and data ...