SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

The attack that hijacked Claude Code came through Sentry. Datadog, PagerDuty, and Jira have the same exposure.

Tenet Security hijacked Claude Code in 85% of tests via a fake Sentry error — no stolen credentials, no alerts. Datadog and ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
BBC

US Supreme Court denies Alabama's request to carry out nitrogen gas execution

The US Supreme Court has denied an appeal by the state of Alabama to execute death row prisoner Jeffery Lee using nitrogen gas. Two lower courts had earlier blocked the use of nitrogen gas in ...
CNBC

DoorDash lets customers use photos, prompts to order food and book reservations in latest AI push

DoorDash launched a new chatbot that lets users order food and groceries and make reservations with photos and prompts. It's a market that's becoming a major testing ground for agentic AI tools.
The Guardian

US federal judge blocks Alabama from executing man by nitrogen gas

Emily C Marks finds method proposed to kill Jeffery Lee violates ban on cruel and unusual punishment A federal judge on Tuesday permanently blocked Alabama from executing a man with nitrogen gas after ...
SecurityWeek

Mirasvit Vulnerability Exploited to Execute Code on Magento Servers

A flaw in the Full Page Cache Warmer extension can be exploited without authentication via serialized PHP object payloads. The US cybersecurity agency CISA on Wednesday urged federal agencies to ...