Noma Labs tricked GitHub's AI agent into leaking private repositories with a crafted issue. The prompt-injection flaw, GitLost, has no code fix.
A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and ...
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
GitHub Inc.’s new Agentic Workflows feature that allowed an unauthenticated attacker to siphon data from private code ...
Mozilla 0DIN’s Claude Code demo shows how clean GitHub repos can expose AI coding agents to prompt injection, reverse shells, ...
Tom's Hardware on MSN
AI coding agents can be tricked into installing malware via 'clean' GitHub repositories
Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.
A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Security ...
Sophos says Claude Code, Cursor, and Codex triggered Windows endpoint rules for credential access, LOLBin downloads, and ...
AI Now’s Friendly Fire PoC shows Claude Code and Codex running README-planted payloads on hosts when autonomous command ...
Varonis Systems, Inc. (NASDAQ: VRNS), the data and AI security leader, today announced support for Cursor, the AI-native coding tool. Varonis Atlas provides runtime enforcement, threat detection, and ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results