Anthropic embedded undisclosed tracking logic in Claude Code v2.1.91, a move raising transparency concerns for developer ...
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
Mozilla’s 0din team showed how a Claude Code malware GitHub repo attack could use a clean-looking repository to open a ...
Anthropic’s AI coding agent silently encoded proxy hostnames and Chinese timezone data into invisible Unicode characters ...
Learn how malicious AI agent skills easily bypass static scanners. Discover how runtime checking secures tools like Claude ...
A vulnerability chain dubbed AutoJack in Microsoft’s AutoGen Studio interface for prototyping AI agents could let attackers manipulate an agent into executing arbitrary commands on its host system ...
JadePuffer exploited a vulnerable Langflow server, harvested credentials, moved laterally, and encrypted more than 1,300 ...
StegoAd Microsoft Edge extensions malware affected up to 2.6 million users after the company removed 119 add-ons that hid ...
An "agentic threat actor" successfully exploited a Langflow flaw to steal data from a production database server and encrypt ...
SentinelOne says macOS.Gaslight uses prompt injection to mislead AI-based malware analysis, steal data, and use Telegram for ...
Security tooling is not written in a single language. Python powers most automation. C sits at the exploit layer. PowerShell ...