SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Windows Report

Mozilla Warns Clean GitHub Repositories Can Trick Claude Code Into Running Malware

Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.
GitHub

dvdxfv/skill-writing-dna

改写后 DNA 对齐验证:报告句长偏差、签名表达命中、黑名单残留、AI 味残留、开头模式匹配和未应用 / 降权规则,辅助第三确认点判断。 公开最小测试集:上传脱敏 pytest 测试,覆盖样本预检 ...
Tom's Hardware on MSN

AI coding agents can be tricked into installing malware via 'clean' GitHub repositories

Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.
GhanaWeb - Ghana HomePage

AI Coding Tools Can Be Tricked Into Running Malware: What Ghanaian Developers Need to Know

Researchers found a way to trick AI coding assistants like Claude into running malware hidden in GitHub repositories. Here's ...

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...