Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
An "agentic threat actor" successfully exploited a Langflow flaw to steal data from a production database server and encrypt ...
Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. However, ChocoPoC ...
Researchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) ...
A threat actor has been exploiting CVE-2026-48558, a critical SimpleHelp vulnerability, to drop TaskWeaver and Djinn Stealer ...