Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.
Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. However, ChocoPoC ...
Christopher Harper is a tech writer with over a decade of experience writing how-tos and news. Off work, he stays sharp with gym time & stylish action games.
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Researchers found a way to trick AI coding assistants like Claude into running malware hidden in GitHub repositories. Here's ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results