News

Claude Code makes it easy to trigger a code check now with this simple command
Developers can get a security review - with suggested vulnerability fixes - before their code is merged or deployed.
The Hacker News5d
Cursor AI Code Editor Fixed Flaw Allowing Attackers to Run Commands via Prompt Injection
Critical flaw in Cursor AI editor let attackers execute remote code via Slack and GitHub—fixed in v1.3 update.
Anthropic expands Claude Code’s security capabilities
The AI startup introduced automated security reviews to its agentic tool, aiming to ease vulnerability identification and ...
AI-powered Cursor IDE vulnerable to prompt-injection attacks
A vulnerability that researchers call CurXecute is present in almost all versions of the AI-powered code editor Cursor, and ...
CPO Magazine2d
“Man in the Prompt”: New Class of Prompt Injection Attacks Pairs With Malicious Browser Extensions to Issue Secret Commands to LLMs
A new theoretical attack described by researchers with LayerX lays out how frighteningly simple it would be for a malicious or compromised browser extension to intercept user chats with LLMs and ...
Inside a Real Clickfix Attack: How This Social Engineering Hack Unfolds
ClickFix abuses clipboards. FileFix hijacks File Explorer. Both social engineering attacks start in the browser—and end in ...
SDxCentral6d
Google’s new AI agent terminal tool is vulnerable to a simple prompt hack
Tracebit analysts uncover a two-stage process that could allow a threat actor to access a developer’s entire terminal ...
This is how malicious hackers could exploit Gemini AI to control a smart home.
This Wired article shows how an indirect prompt injection attack against a Gemini-powered AI assistant could cause the bot to ...
CSO Online2d
How ‘Plague’ infiltrated Linux systems without leaving a trace
A malicious PAM module, undetected by VirusTotal, embedded itself in the login process, granting covert access and resisting ...
Hackers use hidden Raspberry Pi and custom malware to attack bank ATMs
In a striking example of how the combination of physical compromise, network manipulation, and technical subterfuge is reshaping the threat landscape for banks and other critical ...