Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

How to Use Claude Code to Draw Amazing Diagrams With Excalidraw

Claude Code diagram workflow uses an Excalidraw skill to generate and complex visuals are built section by section ...

Fake Claude Code install guides push infostealers in InstallFix attacks

Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users ...

Anthropic Claude Code's security flaws expose devices to silent hacking, triggered from remote code execution; claims report

Security experts have identified three critical vulnerabilities in Anthropic's Claude Code, potentially allowing remote code execution and API key theft. Attackers could exploit malicious ...

Claude collaboration tools left the door wide open to remote code execution

Anthropic fixed the flaws – but the AI-enabled attack surfaces remain Security vulnerabilities in Claude Code could have allowed attackers to remotely execute code on users' machines and steal API ...

OpenAI Reportedly Eyes a GitHub Alternative

OpenAI is reportedly building an internal GitHub-style repo after outages, signaling rising tension with Microsoft as Codex agent use grows.
Tom's Hardware on MSN

Invisible malicious code attacks 151 GitHub repos and VS Code

The technique exploits Unicode Private Use Area characters, which render as zero-width whitespace in virtually every code editor and terminal.

NanoClaw and Docker partner to make sandboxes the safest way for enterprises to deploy AI agents

Instead of one central AI system doing everything, the model emerging here is many bounded agents operating across teams, channels and tasks.
Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...
i-SCOOP

What is the Impact of AGENTS.md Files on the Quality of AI Output?

Are AGENTS.md files actually helping your AI coding agents, or are they making them stupider? We dive into new research from ETH Zurich, real-world experiments, and security risks to find the truth ...