SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
latesthackingnews.com

Reverse Shell Explained: Setup, Attack Chain, and Detection

A reverse shell makes the target machine initiate the connection back to the attacker, bypassing firewalls that only filter ...
The Hacker News

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of ...
Hosted on MSN

Crocodiles eat python! Tug of war

This video explores a rare encounter between a crocodile and a python, highlighting natural predator interactions and the dynamics of survival in the wild. Trump claims he’ll sue ABC News over ...
Nature

Predictive modeling and optimization of surface roughness in Reverse-µEDM fabricated microeletrode arrays using ML models

This work discusses the fabrication of microelectrode arrays (MEAs) using a type of machining process called Reverse-Micro-Electrical-Discharge Machining (Reverse-µEDM). The main aim here is to ...
WeLiveSecurity

PlushDaemon compromises supply chain of Korean VPN service

ESET researchers provide details on a previously undisclosed China-aligned APT group that we track as PlushDaemon and one of its cyberespionage operations: the supply-chain compromise in 2023 of VPN ...
LinkedIn

Exploit and Elevate: Reverse Shells in Action with MSFvenom

The first step in our penetration testing process was to perform an initial enumeration of the target IP using Nmap, one of the most widely used network scanning tools in the industry. This scan helps ...
LinkedIn

How to Set Up a Reverse SSH Tunnel to Access Your Local Machine from a Remote Machine

SSH (Secure Shell) enables secure connections between machines on local and remote networks. One of its lesser-known but extremely useful features is the reverse SSH tunnel, which allows a remote ...
The Hacker News

Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking

Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns. "Selenium Grid is a server that facilitates running test cases ...
GitHub

Build MCP Tools or AI Actions that connect AI Agents with the real-world - all in Python.

Sema4.ai is the easiest way to extend the capabilities of AI agents, assistants and copilots with custom actions, written in Python. Create and deploy tools, skills, loaders and plugins that securely ...
Ars Technica

Hugging Face, the GitHub of AI, hosted code that backdoored user devices

Code uploaded to AI developer platform Hugging Face covertly installed backdoors and other types of malware on end-user machines, researchers from security firm JFrog said Thursday in a report that’s ...
Dark Reading

Hugging Face AI Platform Riddled With 100 Malicious Code-Execution Models

Researchers have discovered about 100 machine learning (ML) models that have been uploaded to the Hugging Face artificial intelligence (AI) platform and potentially enable attackers to inject ...