SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
GitHub

dvdxfv/skill-writing-dna

改写后 DNA 对齐验证:报告句长偏差、签名表达命中、黑名单残留、AI 味残留、开头模式匹配和未应用 / 降权规则,辅助第三确认点判断。 公开最小测试集:上传脱敏 pytest 测试,覆盖样本预检 ...
Tom's Hardware on MSN

AI coding agents can be tricked into installing malware via 'clean' GitHub repositories

Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.
GhanaWeb - Ghana HomePage

AI Coding Tools Can Be Tricked Into Running Malware: What Ghanaian Developers Need to Know

Researchers found a way to trick AI coding assistants like Claude into running malware hidden in GitHub repositories. Here's ...

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Tech Times

Cursor’s GitHub Rival Origin and New SpaceX Model Raise Code Custody Stakes

Cursor Origin git platform launched at Compile alongside a 1.5-trillion-parameter model in training and a new iOS app, as ...

The AI coding craze gave GitHub its best month ever, executive tells employees

Usage of the company's Copilot AI coding tool surged after GitHub changed how it bills customers, the executive said.
InfoWorld

Using Visual Studio Code’s ‘air-gapped’ AI model mode

VS Code can use LLM models other than GitHub Copilot’s built-in providers for AI-assisted development, including local and ...