The Hacker News

Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware

North Korea-linked ScarCruft uses fake Microsoft Account alerts and ZIP files to deliver NarwhalRAT, a Python RAT built for ...

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
SecurityWeek

New Attack Abuses Claude Code and Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

Fake Claude Code Installers Deliver Credential-Stealing Malware

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data.
Tom's Hardware on MSN

AI coding agents can be tricked into installing malware via 'clean' GitHub repositories

Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.
GhanaWeb - Ghana HomePage

AI Coding Tools Can Be Tricked Into Running Malware: What Ghanaian Developers Need to Know

Researchers found a way to trick AI coding assistants like Claude into running malware hidden in GitHub repositories. Here's ...
GitHub

Sehab121/awesome-openclaw-skills-CN

code-mentor - Comprehensive AI programming tutor for all levels. codebuddy-code - CodeBuddy Code CLI installation, configuration and usage codeconductor - AI-powered software development platform for ...
GitHub

mmg1/awesome-shell-1

code-attic/ubuntu-dev - Some shell scripts I'm working on to help ease the pain of getting Ubuntu from fresh install to dev ready cloud8421/dotfiles - Opinionated shell configuration with support for: ...