SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Tech Times

Linux Kernel Root Exploit Published: DirtyClone Attack Leaves No Trace

Linux kernel privilege escalation exploit DirtyClone (CVE-2026-43503) is publicly documented: JFrog published a working attack walkthrough Thursday showing how any local user can gain root on ...

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

Anthropic’s Mythos AI Reportedly Hacked the NSA’s Most Sensitive Systems ‘in Hours’

When Anthropic first disclosed Mythos in April, it sent an anxious shockwave through much of the cybersecurity sector. The ...
GitHub

why use many token when few do trick

A Claude Code skill/plugin (also Codex, Gemini, Cursor, Windsurf, Cline, Copilot, 30+ more) that makes agent talk like caveman — cuts ~75% of output tokens, keeps full technical accuracy. Brain still ...
The Hacker News

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...
latesthackingnews.com

Reverse Shell Explained: Setup, Attack Chain, and Detection

A reverse shell makes the target machine initiate the connection back to the attacker, bypassing firewalls that only filter ...
latesthackingnews.com

LiteLLM Vulnerability Chain: What Security Teams Running AI Gateways Need to Do Now

A three-CVE chain lets any default LiteLLM user escalate to admin and get a shell on the gateway server. A separate RCE is ...
IEEE

Agents4PLC: Automating Closed-Loop PLC Code Generation and Verification in Industrial Control Systems Using LLM-Based Agents

Abstract: In industrial control systems, the generation and verification of Programmable Logic Controller (PLC) code are crucial for ensuring operational efficiency and safety. While Large Language ...
The New York Times

In A.I. Blunder, More Than 34,000 Instagram Accounts Were Attacked

The flaw, which Meta said it had fixed, allowed anyone to take over accounts using a bug in the company’s new artificial intelligence software. By Mike Isaac and Eli Tan Mike Isaac covers Silicon ...
Bleeping Computer

Over 20,000 Instagram accounts stolen in Meta AI support hack

Meta has revealed that 20,225 Instagram users had their accounts hijacked in a recent incident where attackers used Meta's AI-powered support system to reset passwords. As BleepingComputer reported ...
SecurityWeek

Meta Says 20,000 Instagram Accounts Hacked via AI Tool Abuse

The social media giant has informed authorities about the impact of the recent attack involving an account recovery support tool. Meta says roughly 20,000 Instagram accounts may have been hacked in a ...