Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Bleeping Computer

Malicious Edge extension abuses Native Messaging as bridge to malware

A malicious Microsoft Edge extension dubbed ‘Edgecution' has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. Access to the local system is obtained ...
Developer Tech

Mozilla shows Claude Code malware risk in clean GitHub repo

Mozilla’s 0din team showed how a Claude Code malware GitHub repo attack could use a clean-looking repository to open a ...
Windows Report

Mozilla Warns Clean GitHub Repositories Can Trick Claude Code Into Running Malware

Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.

Edge users beware — this malicious extension can break out of the sandbox and install ransomware

Researchers from Zscaler found a new malware campaign dubbed Edgecution.
CSO Online

Be on the lookout for Mistic, a new backdoor used by ransomware broker

The malware program has been deployed across multiple sectors since April, helping to provide initial access sold to ransomware gangs.
The Hacker News

Android | Breaking Cybersecurity News | The Hacker News

Google has set September 30, 2026, as the day it begins enforcing Android developer verification in the first four countries, and the major device-maker app stores are in from the start. On that date, ...
SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

AI-Generated Fake Receipts Are Changing Expense Fraud

AI-generated fake receipts are making expense fraud cheaper, easier, and harder to detect, forcing companies to rethink how ...

Methodology for AP/'FRONTLINE’ investigation into how US tech is abused for global scams

The AP/“FRONTLINE” investigation was based on tens of thousands of leaked scam center files, videos and photos; an analysis with C4ADS of misuse of artificial intelligence at scam centers; an ...

As AI voices get harder to spot, ElevenLabs adopts Google’s SynthID to help you sniff the fakes

AI-generated voices are becoming nearly impossible to identify. ElevenLabs is now embedding invisible watermarks into its audio so you'll finally know when you're listening to AI.The Latest Tech News, ...