SecurityWeek

New Attack Abuses Claude Code and Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Tom's Hardware on MSN

AI coding agents can be tricked into installing malware via 'clean' GitHub repositories

Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.
GitHub

Roblox Auto Player Piano Script

This is a Roblox auto player script designed specifically for playing the piano in Roblox. It allows for the automated playback of songs, simulating precise key presses based on predefined sequences.

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

Python meat should never be on the menu. Here's why

Hunters participating in the Florida Python Challenge in July will have an abundance of python meet. But it is advised that ...
The Hacker News

New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis

SentinelOne details Gaslight, a Rust-based macOS implant linked to North Korea-aligned actors that uses prompt injection to ...

The Steam Workshop Is Being Used To Spread Malware To Thousands Of Users

Steam is one of the most popular storefronts in PC gaming, but it turns out that the Steam Workshop might presently be ...
GitHub

lenucksi/aur-malware-check

Detection and analysis tools for the atomic-lockfile supply-chain attack on the Arch User Repository (AUR), generalized to a campaign-based architecture that handles multiple concurrent and historical ...