The Hacker News

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...

OpenAI Announces Unnerving New ChatGPT Feature Named ‘Lockdown Mode’

"Lockdown Mode is not intended for everyone," OpenAI's blog post says. In other words, you're probably not important enough.
heise online

Code execution possible: critical vulnerability in Windows Server exploited

Attackers are exploiting a critical security vulnerability in the Netlogon code of Windows Server to break into networks. The Belgian cybersecurity authority CCB reports. Apparently, a manipulated ...
Ars Technica

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source Java testing app to sabotage projects performed by AI coding agents. The ...
Ars Technica

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

Say what you want about AI (pro or anti) but I feel like secretly writing malicious code is not a great way to do anything but make people stop using your software. The fact they obfuscated it says to ...
The Verge

Microsoft starts canceling Claude Code licenses

Thousands of Microsoft developers will use GitHub Copilot CLI instead Thousands of Microsoft developers will use GitHub Copilot CLI instead is a senior correspondent and author of Notepad, who has ...
InfoQ

CodeGuardian: a Model Context Protocol Server for AI-Assisted Code Quality Analysis and Security Scanning

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
VentureBeat

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Security ...
Android

Pixel phones are becoming safer via Google's Rust code injection

Google is bringing Rust code to Pixel phones starting with the Pixel 10 as a security measure to prevent malicious attacks on the modem used inside Pixel 10 devices. This injection of Rust code is ...
CSOonline

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

Threat actors have found a way to inject arbitrary JavaScript into the Flowise low-code platform for building custom LLM and agentic systems. The code injection was possible due to a design oversight, ...
Gizmodo

Source Code for Anthropic’s Claude Code Leaks at the Exact Wrong Time

Anthropic just cannot keep a lid on its business. After details of a yet-to-be-announced model were revealed due to the company leaving unpublished drafts of documents and blog posts in a publicly ...