SecurityWeek

New Attack Abuses Claude Code and Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
latesthackingnews.com

Reverse Shell Explained: Setup, Attack Chain, and Detection

A reverse shell makes the target machine initiate the connection back to the attacker, bypassing firewalls that only filter ...
The Hacker News

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

Three LiteLLM flaws let low-privilege users gain admin access and run code, exposing AI keys, secrets, prompts, and responses.
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

AI agents have fundamentally changed the threat model of AI model-based applications. By equipping these models with plugins (also called tools), your agents no longer just generate text; they now ...
Hackaday

Reverse-Engineering The Holy Stone H120D Drone

There are plenty of drones (and other gadgets) you can buy online that use proprietary control protocols. Of course, reverse-engineering one of these protocols is a hacker community classic. Today, ...
GitHub

Lighthouse - A Coverage Explorer for Reverse Engineers

Lighthouse is a powerful code coverage explorer for IDA Pro and Binary Ninja, providing software researchers with uniquely interactive controls to study execution maps for native applications without ...
Security Boulevard

Attackers Worldwide are Zeroing In on React2Shell Vulnerability

Threat actors of all stripes are descending on the React2Shell maximum-severity vulnerability in React Server Components (RSC), with security researchers seeing a torrent of attacks that range from an ...
The Hacker News

Researchers Uncover GPT-4-Powered MalTerminal Malware Creating Ransomware, Reverse Shell

Cybersecurity researchers have discovered what they say is the earliest example known to date of a malware that bakes in Large Language Model (LLM) capabilities. The malware has been codenamed ...
CSOonline

Attackers hide malicious code in Hugging Face AI model Pickle files

The popular Python Pickle serialization format, which is common for distributing AI models, offers ways for attackers to inject malicious code that will be executed on computers when loading models ...
LinkedIn

Linux Reverse Shell that (Almost) Always Works

A Linux reverse shell is a powerful tool for penetration testers and attackers alike. By leveraging common tools like Bash, Python, Netcat, or Socat, you can craft a reverse shell that (almost) always ...
Dark Reading

Cloud Security, PowerShell Expertise Emerge as Key SOC Analyst Skills

Though artificial intelligence is poised to drastically transform enterprise security operations centers (SOCs), for the moment at least, the top three technologies for new hires to be familiar with ...