SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

North Korea-Linked macOS Malware Uses Prompt Injection to Evade AI Analysis

SentinelOne says macOS.Gaslight uses prompt injection to mislead AI-based malware analysis, steal data, and use Telegram for ...
InfoWorld

Visual Studio Code introduces restricted mode for untrusted folders

Workspace Trust feature in VS Code 1.26 lets users configure whether code in a project folder can be executed by VS Code ...

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

AI Shopping Gets Complicated at Checkout

AI Impact tracks Wall Street’s AI oversight, DXC’s agent build, AI shopping checkout and India’s place in the AI trade.
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
Infosecurity MagazineOpinion

The Security Coverage Gap is a Math Problem

Coverage is the real problem, not detection. The teams that will thrive over the next five years are the ones rebuilding ...

Exclusive: Chainguard extends Repository scanning and policies to Java, Python and containers

Secure software supply chain solution provider Chainguard Inc. today expanded its Chainguard Repository product with malware ...
TMCnet

AgileAI Labs Unveils Spec2TestAI's Natural Language No-Code Automated Testing Tool

Software Development Teams build an end-to-end project knowledge base that self-improves generating enhanced, fully traceable ...
Microsoft

StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them

On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...
Startup Fortune

Qualcomm is buying Modular for $4 billion to take on Nvidia where it actually counts

Qualcomm is in advanced talks to acquire AI inference and compiler startup Modular Inc. at a $4 billion valuation, Bloomberg ...

7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...