Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

Christopher Harper is a tech writer with over a decade of experience writing how-tos and news. Off work, he stays sharp with gym time & stylish action games.

Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...

A reverse shell makes the target machine initiate the connection back to the attacker, bypassing firewalls that only filter ...

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal credentials and wallet data.

The library consists of Python scripts that aids with working on network protocols, it ensures low-level programming access to other packets along with the implementation of the protocols. Packets can ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

For years, the cybersecurity industry warned that AI-assisted hacking was coming. It’s here now. Google’s Threat Intelligence Group (GTIG) has confirmed the first known case of a zero-day exploit ...

Threat actors in Latin America have begun to use AI agents to facilitate their entire attack chains, from assisting with initial access to generating penetration tools on the fly — and organizations ...

Google says hackers used AI to help build a zero-day exploit targeting 2FA, raising concerns about AI-assisted hacking. Google says hackers used AI to help build a zero-day exploit, then stopped it ...

Google researchers found evidence in the exploit’s code that it may have been created using AI, like a ‘hallucinated’ CVSS score. Google researchers found evidence in the exploit’s code that it may ...