CVE-2026-12957 in Amazon Q is the third MCP auto-execution vulnerability in three AI coding tools. The pattern reveals a ...
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Tenet Security hijacked Claude Code in 85% of tests via a fake Sentry error — no stolen credentials, no alerts. Datadog and ...
A malicious Chromium-based extension that spoofs the AI-powered answer engine Perplexity AI redirects browser search traffic using MV3 APIs and intermediary infrastructure.
In this photo illustration, the DeepSeek app is displayed on an iPhone screen on January 27, 2025 in San Anselmo, California. Newly launched Chinese AI app DeepSeek has surged to number one in Apple's ...
Amazon Q vulnerability could allow attackers to steal developer cloud credentials by luring them into opening a booby-trapped ...