SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Decrypt

This AI Agent Survived 6,000 Hack Attempts—Here’s How

Developer Fernando Irarrázaval's AI agent experiment drew over 6,000 hack attempts from more than 2,000 attackers. No one ...

Microsoft’s open source tools were hacked to steal passwords of AI developers

Microsoft shut down dozens of GitHub code repositories for Azure and AI coding tools after a reported hack.

124 Million Unique Passwords Exposed In New Infostealer Log Dataset

A new collection of 124 million unique passwords from hundreds of millions of malware stealer log records has been confirmed ...

124M Passwords Exposed as Infostealer Malware Hits Millions of Devices

Have I Been Pwned has added 124 million passwords and 56 million email addresses from infostealer logs tied to infected ...

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
CoinDesk

Private keys, not smart contracts, caused 40% of crypto's $16 billion hack losses. Here's whats being done.

The industry is moving toward fixing the private key vulnerability issue, just not evenly, Wish Wu, co-founder and CEO of ...

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...
PC Magazine

Password Manager Dashlane Reveals How a Hacker Stole Encrypted Vaults

Dashlane, a leading password manager, has revealed that a hacker exploited a security gap in the service’s online login system to steal encrypted vaults from fewer than 20 users. The theft occurred on ...
9to5google

Ultrahuman says recent security breach didn’t affect passwords or credit cards

Ultrahuman’s user database was recently hacked, and the smart ring company says there was “no evidence of misuse.” On March 27, Ultrahuman experienced a security breach that allowed malicious actors ...
Hosted on MSN

'Master password was exposed': Ethical hacker's stunning claims against CBSE

A major cyber security controversy has erupted after ethical hacker Nisarga Adhikary claimed to have discovered serious vulnerabilities in CBSE's digital evaluation system. Breaking: Saudi Aramco ...