Fake Claude Code Installers Deliver Credential-Stealing Malware

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...
InfoWorld

Attack targeting OpenAI Codex users exposes AI software supply chain risks

The incident highlights how attackers can hide malicious code in software packages that differ from the source code available ...

A Java library just tried to trick AI coding agents into deleting your tests, and it almost worked

The latest flare-up in the debate over AI-assisted coding did not come from a new model release or a benchmark result. It came from a single ...
Decrypt

What Is an AI Prompt Injection Attack? The Hidden Threat Hijacking Your Chatbots

Hackers can hijack ChatGPT, Claude, and Gemini with nothing but a sentence. OpenAI says the problem may never be fully solved.
SecurityWeek

Exploit Code Published for Critical Flowise RCE Vulnerability

Proof-of-concept (PoC) code has been published for a one-click RCE vulnerability in open source LLM building platform Flowise.
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...
Arabian Post

Drupal flaw draws urgent patch race

US cyber authorities have added a critical Drupal Core SQL injection flaw to their exploited-vulnerabilities list after attacks began targeting unpatched websites using PostgreSQL databases, ...
DrBicuspid

Coding the digital workflow: CDT codes for 3D printing and scanning

It's true that 3D printers are not yet the standard of care, but the future is near. According to recent research, the dental 3D printing market in the U.S. is expected to grow at a compound annual ...
InfoQ

GitHub Expands Secret Scanning with General Availability of MCP Server Integration

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

AI agents have fundamentally changed the threat model of AI model-based applications. By equipping these models with plugins (also called tools), your agents no longer just generate text; they now ...
VentureBeat

One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

Just two months ago, researchers at the Data Intelligence Lab at the University of Hong Kong introduced CLI-Anything, a new state-of-the-art tool that analyzes any repo’s source code and generates a ...
Infosecurity-magazine.com

Anthropic Rolls Out Claude Security for AI Vulnerability Scanning

Anthropic has launched Claude Security in public beta to its Claude Enterprise customers. Previously known as Claude Code Security, the cybersecurity tool is built on Anthropic’s latest generally ...