Random thoughts, occasional insights, and lessons from breaking things where the stakes were real. Twenty years shipping platforms, web, apps Every AI keynote shows the same demo. The assistant reads ...
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Turns out I use the app more when I don't need to open it.
Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. However, ChocoPoC ...
A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram ...
This week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open. The noise is not all noise, either.