Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with running a seemingly benign GitHub repository could execute a malicious payload that is ...
Decrypt

This AI Agent Survived 6,000 Hack Attempts—Here’s How

Developer Fernando Irarrázaval's AI agent experiment drew over 6,000 hack attempts from more than 2,000 attackers. No one ...
Decrypt

Leaked Code Suggests Anthropic Is Preparing to Bring Fable 5 Back

A leaker found new strings inside Claude Code that hint at weekly Fable 5 usage built into subscription plans, not sold separately as before.
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.

FFmpeg fixes PixelSmash flaw in widely used video decoder

A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under ...
The Hacker News

New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer

Researchers detail REF8372, a malvertising campaign using fake Node.js ads, Storj-hosted payloads, and OXLOADER to deploy ...
Forbes

Microsoft Ends Claude Code Licenses As It Shifts Developers To Copilot

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. Illustration photo of a computer display with the Microsoft Copilot logo, shot in Savigny ...