SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack ...

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Windows Report

Mozilla Warns Clean GitHub Repositories Can Trick Claude Code Into Running Malware

Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.

North Korea-Linked macOS Malware Uses Prompt Injection to Evade AI Analysis

SentinelOne says macOS.Gaslight uses prompt injection to mislead AI-based malware analysis, steal data, and use Telegram for ...

普通漏洞,还是恶意载荷?PhantomSkill 揭示 Agent Skill 供应链新风险

安全扫描器看到的可能是命令注入、路径穿越、不安全反序列化、敏感信息泄露等常见漏洞;但在 Agent Skill 场景里,这些“普通漏洞”可能会被 Agent 主动触发,并且带着文件权限、项目上下文、环境变量、Git 凭据、MCP 配置和 Agent 记忆一起进入执行链。