Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Mozilla 0DIN’s Claude Code demo shows how clean GitHub repos can expose AI coding agents to prompt injection, reverse shells, and credential risk.
Security tooling is not written in a single language. Python powers most automation. C sits at the exploit layer. PowerShell ...
Mozilla’s 0din team showed how a Claude Code malware GitHub repo attack could use a clean-looking repository to open a ...
SentinelOne says macOS.Gaslight uses prompt injection to mislead AI-based malware analysis, steal data, and use Telegram for ...
ModelScope ms-agent CVE-2026-2256 (May 2026) extends the same pattern outside MCP: the agent's shell tool relied on a regex denylist (check_safe()) that attackers bypass through obfuscation or ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results