Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
Attackers exploited Langflow vulnerability CVE-2025-3248 to conduct an agentic AI-powered ransomware attack involving reconnaissance, credential theft, and lateral movement.
Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
VS Code 1.127 enhances agent session management, introduces per-site browser permissions, and makes browser tools for agents ...
Everything you need to know about how we analyzed the 13,000+ comments submitted in the federal government’s request for ...
Mozilla 0DIN’s Claude Code demo shows how clean GitHub repos can expose AI coding agents to prompt injection, reverse shells, ...
Anthropic’s Claude models are now generally available in Microsoft Foundry, giving Azure developers and enterprise application teams another major frontier model option inside Microsoft’s cloud AI ...
Most organizations know they need to govern agentic output. Far fewer have a clear, practical path to doing so. Today, Sonar, a global leader in AI code verification, governance, and efficiency is ...
Lemon.io's 2026 rate report, based on real contracts with 2,500+ vetted developers, shows that senior software developer ...
Mozilla’s 0din team showed how a Claude Code malware GitHub repo attack could use a clean-looking repository to open a ...
Ornith 1.0 by DeepReinforce is meant for developers who want AI that finishes the job, not just autocompletes the next line.
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.