The Hacker News

New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis

SentinelOne details Gaslight, a Rust-based macOS implant linked to North Korea-aligned actors that uses prompt injection to ...
IEEE

MagShadow: Physical Adversarial Example Attacks via Electromagnetic Injection

Abstract: Physical adversarial examples (AEs) have become an increasing threat to deploying deep neural network (DNN) models in the real world. Popular approaches adopt sticking-based or ...
decrypt

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft

Add Decrypt as your preferred source to see more of our stories on Google. Microsoft researchers found that Anthropic's Claude Code GitHub Action could be manipulated through prompt injection attacks.
Microsoft

Securing CI/CD in an agentic world: Claude Code Github action case

Microsoft Threat Intelligence discovered that Anthropic’s Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted GitHub content, including issue bodies, pull ...
The Hill

Tennessee fails to execute Tony Carruthers after IV difficulties. State won’t try again for a year

NASHVILLE, Tenn. (AP) — Tennessee officials on Thursday called off the lethal injection of Tony Carruthers, who was convicted of kidnapping and murdering three people in 1994, after his executioners ...
The Hacker News

GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal ...
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

AI agents have fundamentally changed the threat model of AI model-based applications. By equipping these models with plugins (also called tools), your agents no longer just generate text; they now ...
Dark Reading

Reverse Engineering With AI Unearths High-Severity GitHub Bug

GitHub yesterday disclosed CVE-2026-3854, a high severity (8.7 CVSS) vulnerability identified in GitHub Enterprise Server that would grant an attacker with push access to a repository to achieve ...
VentureBeat

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Security ...
SecurityWeek

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

A researcher has disclosed the details of a prompt injection attack method named ‘Comment and Control’, which has been found to work against several popular AI code security and automation tools. The ...
The Next Web

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

In short:Security researcher Aonan Guan hijacked AI agents from Anthropic, Google, and Microsoft via prompt injection attacks on their GitHub Actions integrations, stealing API keys and tokens in each ...
winbuzzer.com

GitHub Copilot Injected Ads Into 1.5 Million Pull Requests

Microsoft’s GitHub Copilot has been found injecting promotional messages into more than 1.5 million pull requests across GitHub and GitLab, prompting GitHub to disable the feature on March 30 ...