Attackers can plant indirect prompt injections into normal-looking repositories to trick Claude Code into spawning a reverse shell.
GLM-5.2, Z.ai’s open-weight model, has reached 39% F1 on Semgrep’s IDOR benchmark, beating Anthropic’s Claude Code in the prompt-only lane. Claude Code scored 37% F1 with Opus 4.6 and ...
Ongoing research into AI agent framework security has identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
DeepReinforce today released Ornith-1.0, a family of open-source coding models built around a mechanism most RL-trained agents avoid: the model itself writes the training harness that guides its own ...
GitLab CE/EE security updates resolve 13 vulnerabilities, including high-severity code execution and information disclosure ...
Shield detects your tech stack, runs every applicable security scanner in parallel, consolidates findings into a single report, calculates a risk score, proposes code fixes, and optionally files ...
AI dev tooling is the Wild West, and APM is the only credible attempt at a cross-agent dependency manager. Composable flavour packages mean you pull in only what each project needs. Meanwhile, the ...