Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

The attack that hijacked Claude Code came through Sentry. Datadog, PagerDuty, and Jira have the same exposure.

Tenet Security hijacked Claude Code in 85% of tests via a fake Sentry error — no stolen credentials, no alerts. Datadog and ...
Bleeping Computer

Malicious Edge extension abuses Native Messaging as bridge to malware

A malicious Microsoft Edge extension dubbed ‘Edgecution' has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. Access to the local system is obtained ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Decrypt

This AI Agent Survived 6,000 Hack Attempts—Here’s How

Developer Fernando Irarrázaval's AI agent experiment drew over 6,000 hack attempts from more than 2,000 attackers. No one ...
WeLiveSecurity

Award-winning news, views, and insight from the ESET security community

Your business may be small, but its attack surface is anything but. Readiness is the first step to resilience. Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances ESET ...
Dark Reading

Vulnerabilities & Threats

Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading ...
Computerworld

Industry

Nextcloud CEO: Open source moves from 'a nerdy audience' to the geopolitical stage Frank Karlitschek, head of the German software vendor, talked about the company’s decision to help develop the ...