Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
IEEE

CID4IoT: IoT-Oriented Command Injection Vulnerability Detection Based on Critical Code Extraction and LLM Analysis

Abstract: The Internet of Things (IoT) devices have brought invaluable convenience to our daily lives. However, they also introduce significant security challenges. Common vulnerabilities in numerous ...
GitHub

why use many token when few do trick

A Claude Code skill/plugin (also Codex, Gemini, Cursor, Windsurf, Cline, Copilot, 30+ more) that makes agent talk like caveman — cuts ~75% of output tokens, keeps full technical accuracy. Brain still ...

I let Claude audit my messy Home Assistant setup, and it was a massive wake-up call

I gave Claude access to my Home Assistant. It helped me audit, debug, and improve my smart home better than I ever could have.
Entrepreneur

The Man Behind Anthropic’s Claude Code Hasn’t Written a Line of Code in 8 Months — Here’s What He Does Instead

Boris Cherny is the creator of Anthropic’s Claude Code tool, which writes code on behalf of developers based on a text prompt. Cherny hasn’t handwritten code in eight months; instead, he manages ...
New York Post

Baby treated for rare epilepsy syndrome after doctors inject missing gene directly into his brain

An eight-month-old infant with rare but severe epilepsy has received an experimental gene replacement in a historic medical moment. The child was one of the first in the world to be treated with gene ...
TechCrunch

OpenAI unveils Lockdown Mode to protect sensitive data from prompt injection attacks

OpenAI announced a new feature that it says will provide additional protection from prompt injection attacks, where malicious chatbot instructions are hidden in web pages and other content sources.
Android

The Notification Trap: How a Text on WhatsApp Could Have Controlled Your Phone's AI

Security firm SafeBreach discovered a significant prompt injection flaw in Android’s Google Gemini that allowed malicious notifications from apps like WhatsApp or Slack to hijack the assistant. By ...
decrypt

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft

Add Decrypt as your preferred source to see more of our stories on Google. Microsoft researchers found that Anthropic's Claude Code GitHub Action could be manipulated through prompt injection attacks.
Microsoft

Securing CI/CD in an agentic world: Claude Code Github action case

Microsoft Threat Intelligence discovered that Anthropic’s Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted GitHub content, including issue bodies, pull ...
VentureBeat

Anthropic says 80% of its new production code is now authored by Claude — how your enterprise can keep up

Credit: VentureBeat made with OpenAI ChatGPT-Images-2.0 Anthropic co-founder and CEO Dario Amodei said it was coming, but it still feels like a milestone: More than 80% of the code merged into ...