SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
The Hacker News

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal credentials and wallet data.
InfoQ

Claude Code Adds Dynamic Workflows for Parallel Agent Coordination

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Erik Steiger discusses the operational pain ...
Bleeping Computer

Get a lifetime of ethical hacking and Python security training for $15

The Complete Ethical Hacking Course gives a strong introduction to cybersecurity with 29 hours of content across 320 lectures and a live ethical hacking lab where you practice what you’re learning in ...
techtimes

Claude Code Dynamic Workflows: Scripts Replace Context Windows, Ultracode Automates Orchestration

Anthropic shipped Claude Code Dynamic Workflows as a research preview on May 28, 2026, and the feature is architecturally more consequential than the Opus 4.8 benchmarks that dominated most coverage ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
The New York Times

Bluesky Says Kremlin Is Hacking Its Platform to Spread Propaganda

The company said it was fighting Russian efforts to hijack real users’ accounts to post fake content, an apparently novel tactic. By Steven Lee Myers Ben Gilbert describes himself on Bluesky, the ...
CoinDesk

The $293 million KelpDAO hack shows why DeFi is finally being forced to grow up

The $293 million KelpDAO exploit exposed how modern DeFi’s biggest vulnerabilities increasingly come from infrastructure, governance and operational security and not smart contract bugs, as protocols ...
TechCrunch

OpenAI says hackers stole some data after latest code security issue

Earlier this week, hackers hijacked several open source projects used by dozens of companies and pushed updates designed to spread malware. This is the latest in a string of recent supply-chain ...
Reuters

Hackers pushing innovation in AI-enabled hacking operations, Google says

May 11 (Reuters) - Hackers from a prominent cybercrime group used artificial intelligence to uncover a previously unknown software flaw and an exploit to take advantage of it for the first time, ...