Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
The goal in this project is to provide a simple Unix-like terminal on iOS. It uses ios_system for command interpretation, and includes all commands from the ios_system ecosystem (nslookup, whois, ...
Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.
A North Korea-linked macOS backdoor has been caught hiding a prompt injection that targets malware analysts' AI tools, rather ...
Claude Code has a non-interactive mode called claude -p (short for claude --print) that you can call with a single command instead of using the chat interface. This is quietly useful, and I think ...