SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

The attack that hijacked Claude Code came through Sentry. Datadog, PagerDuty, and Jira have the same exposure.

Tenet Security hijacked Claude Code in 85% of tests via a fake Sentry error — no stolen credentials, no alerts. Datadog and ...
InfoWorld

Azul offers free JVM vulnerability risk assessment

Azul’s free risk assessment for Java estates addresses the blind spot that autonomous AI exploitation tools are increasingly ...
Tech Times

Linux Kernel Root Exploit Published: DirtyClone Attack Leaves No Trace

Linux kernel privilege escalation exploit DirtyClone (CVE-2026-43503) is publicly documented: JFrog published a working attack walkthrough Thursday showing how any local user can gain root on ...
Tech Times

Karpathy CLAUDE.md Grows to Ten Rules: New Self-Check Protocol for AI Coding Loops

Karpathy CLAUDE.md ten rules: a document attributed to Andrej Karpathy began circulating Friday, adding six agent self-check ...

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

Don’t Let the Model Grade its Own Homework

When I watch our trade start handing its tests to language models, I don't feel relief. I feel the same itch I get when a release goes too quiet.