SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

The attack that hijacked Claude Code came through Sentry. Datadog, PagerDuty, and Jira have the same exposure.

Tenet Security hijacked Claude Code in 85% of tests via a fake Sentry error — no stolen credentials, no alerts. Datadog and ...
InfoQ

Million PDFs: Building a Modern Document Infrastructure with Rust and Typst

Erik Steiger discusses the operational pain of legacy PDF generation in regulated banking and manufacturing. He explains how ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

OpenAI launches new initiative to help find and patch open source bugs

OpenAI announced a new initiative on Monday designed to help the open source community improve its cybersecurity game and ...
CBS News

Pentagon updates religious codes after criticism from Mormons

The Pentagon on Monday updated its religious affiliation codes after members of the Church of Jesus Christ of Latter-day Saints criticized the list because it did not describe LDS as a "Christian" ...
IEEE

Finetuning Large Language Models for Vulnerability Detection

Abstract: This paper presents the results of finetuning large language models (LLMs) for the task of detecting vulnerabilities in Java source code. We leverage WizardCoder, a recent improvement of the ...