A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit, ...
A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and ...
A patched Google Dialogflow CX flaw shows why enterprise AI chatbots need stronger access controls, logging, and runtime ...
Zscaler found attackers using SEO poisoning and hidden prompts in malicious websites to manipulate AI agents into making cryptocurrency payments.
Alibaba's SkillWeaver framework routes AI agents through massive tool libraries with 99% less token consumption. Here's how ...
Fake CVE exploit repos pull frint and skytext packages to steal researcher credentials, with servers still live as of July 1.
Operation Navy Ghost is targeting Python developers who build Telegram bots by hiding backdoors inside trojanized Pyrogram forks uploaded to PyPI. The campaign has been active since November 2025, ...
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub ...