Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.
Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.
Researchers found a way to trick AI coding assistants like Claude into running malware hidden in GitHub repositories. Here's ...
Usage of the company's Copilot AI coding tool surged after GitHub changed how it bills customers, the executive said.