AI Now’s Friendly Fire PoC shows Claude Code and Codex running README-planted payloads on hosts when autonomous command ...
Wiz says GhostApproval abuses symlinks so AI coding agents write to SSH keys or shell startup files while showing benign ...
A newly-disclosed exploit in Claude Code’s ‘auto-mode’ leaves developers facing remote code execution (RCE) vulnerabilities ...
LisaFPGA does what it says on the GitHub repo: "The Apple Lisa computer implemented inside an FPGA!" It's an open source ...
A “systematic vulnerability pattern” in at least six of the most widely used AI coding assistants can be abused to trick ...
A security vulnerability exists in six major coding agents: via a repository with malicious code, attackers can trick the AI ...
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
Six major AI coding assistants have been found to share a flaw that turns their approval prompts into a rubber stamp, letting ...
GitHub Inc.’s new Agentic Workflows feature that allowed an unauthenticated attacker to siphon data from private code ...
Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, creating a new software supply ...
Wiz's 'GhostApproval' uses an old symlink trick to make six AI coding agents, from Amazon Q to Cursor, write outside the sandbox and hand over the box.